INTELBRAS SDC 5850 Switch Series

EVPN Configuration Guide

This configuration guide is applicable to the following switches and software versions: INTELBRAS SDC 5850 switch series
(Release 6628P48 and later)
Preface
This configuration guide describes the EVPN fundamentals and configuration procedures.
This preface includes the following topics about the documentation:
• Audience.
• Conventions.

Audience
This documentation is intended for:
• Network planners.
• Field technical support and servicing engineers.
• Network administrators working with the SDC 5850 switch series.

Conventions
The following information describes the conventions used in the documentation.
Command conventions

Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.
[] Square brackets enclose syntax choices (keywords or arguments) that are optional.

Braces enclose a set of required syntax choices separated by vertical bars, from which
{ x | y | ... }
you select one.

Square brackets enclose a set of optional syntax choices separated by vertical bars,
[ x | y | ... ]
from which you select one or none.
Asterisk marked braces enclose a set of required syntax choices separated by vertical
{ x | y | ... } *
bars, from which you select a minimum of one.

Asterisk marked square brackets enclose optional syntax choices separated by vertical
[ x | y | ... ] *
bars, from which you select one choice, multiple choices, or none.

The argument or keyword and argument combination before the ampersand (&) sign
&<1-n> can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention Description
Window names, button names, field names, and menu items are in Boldface. For
Boldface
example, the New User window opens; click OK.

Multi-level menus are separated by angle brackets. For example, File > Create >
>
Folder.
Symbols

Convention Description
An alert that calls attention to important information that if not understood or followed
WARNING! can result in personal injury.

An alert that calls attention to important information that if not understood or followed
CAUTION: can result in data loss, data corruption, or damage to hardware or software.

IMPORTANT: An alert that calls attention to essential information.

NOTE: An alert that contains additional or supplementary information.

TIP: An alert that provides helpful information.

Network topology icons

Convention Description

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that

supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access

controller engine on a unified wired-WLAN switch.

Represents an access point.

T Represents a wireless terminator unit.

T Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals.

Represents a security product, such as a firewall, UTM, multiservice security

gateway, or load balancing device.

Represents a security module, such as a firewall, load balancing, NetStream, SSL

VPN, IPS, or ACG module.

Examples provided in this document

Examples in this document might use devices that differ from your device in hardware model,
configuration, or software version. It is normal that the port numbers, sample output, screenshots,
and other information in the examples differ from what you have on your device.
Contents
EVPN overview··················································································· 1
EVPN solutions ································································································································· 1
EVPN VXLAN ···························································································································· 1
EVPN benefits··································································································································· 1
Layered transport network··················································································································· 2
MP-BGP extension for EVPN ·············································································································· 2
RD and route target selection of BGP EVPN routes ················································································ 3

i
EVPN overview
Ethernet Virtual P rivate Network (EVPN) is a Lay er 2 VPN technology that provides both Layer 2 and
Layer 3 connectivity between distant network sites across an IP or MP LS network. EVPN uses
MP-BGP in the control plane and Virtual eXtensible LAN (V XLA N) or MPLS in t he data plane. EVP N
is typically used in data centers for multitenant services.

EVPN solutions
EVPN provides the EVPN V XLA N, EVPN Virtual Private Wire Service (VPWS), and EVPN Virtual
Private LAN Service (VPLS) solutions.

EVPN VXLAN
As shown in Figure 1, EVPN VXLAN uses the V XLA N technology for traffic forwarding in the data
plane. The transport edge devices assign VMs to different V XLA Ns, and then forward traffic at Layer
2 between sites for VMs by using V XLAN tunnels. The transport edge devices are V XLA N tunnel
endpoints (VTEPs). All EVPN VXLAN processing is performed on VTEPs
To provide Layer 3 connectivity between subnets of a tenant and between the EVPN V XLAN
network and external networks, you can deploy EVPN gateways.
For more information about EVPN VXLAN, see "Configuring EVPN VXLAN."
Figure 1 EVPN VXLAN network model

VM VSI/VXLAN 10 VSI/VXLAN 10 VM

VM VSI/VXLAN 20 VSI/VXLAN 20 VM

VM VSI/VXLAN 30 VSI/VXLAN 30 VM

VXLAN tunnel
ES ES

VTEP P VTEP
Server Transport Server
netw ork
Site 1 Site 2

EVPN benefits
EVPN provides the following benefits:
• Configuration automation—MP-BGP automates VTEP/PE discovery, VXLAN tunnel/PW
establishment, and VXLAN tunnel assignment to ease deployment.
• Separation of the control plane and the data plane—EVPN uses MP-BGP to advertise host
reachability information in the control plane and uses VXLAN or MPLS to forward traffic in the
data plane.
• Integrated routing and bridging (IRB)—MP-BGP advertises both Layer 2 and Layer 3 host
reachability information to provide optimal forwarding paths and minimize flooding in an EVPN
VXLAN network.

1
 • Point-to-point and point-to-multipoint connection—Layer 2 frames are transmitted
transparently across the IP or MPLS transport network between sites after they are
encapsulated into VXLAN packets or MPLS packets.

Layered transport network

As shown in Figure 2, typically the EVPN transport net work uses a layered structure. On the
transport net work, leaf nodes act as VTEPs or PEs to provide V XLAN services, and spine nodes
perform forwarding for V XLAN t raffic based on the out er IP header. If all VTEPs and transport
network devic es of an EVPN network belong to the same AS, the spine nodes can act as route
reflectors (RRs) to reflect routes between t he V TEPs. In this scenario, the spine nodes advertise and
receive BGP EVPN routes, but do not perform VXLAN encapsulation and de-encapsulation.
Figure 2 Layered transport network
RR RR
Spine

Transport
netw ork

Leaf

VTEP VTEP
Site 1 Site 2

Server Server

MP-BGP extension for EVPN

To support EVPN, MP-BGP introduces the EVPN subsequent address family under the L2VPN
address family and the following network layer reachability information (BGP EVPN routes):
• Ethernet auto-discovery route—Advertises ES information in multihomed sites.
• MAC/IP advertisement route—Advertises MAC reachability information and host route
information (host ARP or ND information).
• Inclusive multicast Ethernet tag (IMET) route —Advertises VTEP and VXLAN mappings for
automating VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnel assignment in an
EVPN VXLAN network. Advertises PE information for automating PE discovery and PW
establishment in an EVPN VPLS network.
• Ethernet segment route—Advertises ES and VTEP mappings.
• IP prefix advertisement route—Advertises BGP IPv4 or IPv6 unicast routes as IP prefixes.
• Selective multicast Ethernet tag (SMET) route—Advertises IGMP multicast group
information among VTEPs in an EVPN network. A VTEP advertises an SMET route only when
receiving a membership report for an IGMP multicast group for the first time. The VTEP does
not advertise an SMET route if subsequent membership reports for the multicast group use the
same IGMP version as the first membership report.
• IGMP join synch route—Advertises IGMP membership reports among redundant VTEPs for
an ES.

2
 • IGMP leave synch route—Advertises IGMP leave group messages for withdrawal of IGMP
join synch routes among redundant VTEPs for an ES.
MP-BGP uses the route distinguisher (RD) field t o differentiate B GP EVPN routes of different VSIs or
cross-connect groups and uses route targets to control the advertisement and acceptance of BGP
EVPN routes. MP-BGP supports the following types of route targets:
• Export target—A VTEP or PE sets the export targets for BGP EVPN routes learned from the
local site before advertising them to remote VTEPs or PEs.
• Import target—A VTEP or PE checks the export targets of BGP EVPN routes received from
remote VTEPs or PEs. The VTEP or PE imports the BGP EVPN routes only when their export
targets match the local import targets.

RD and route target selection of BGP EVPN

routes
As shown in Table 1, you c an configure RDs and route targets for BGP EVPN routes in multiple
views.
Table 1 Supported views for RD and route target configuration

Item Views
• EVPN instance view
• VSI EVPN instance view
RD • VPN instance view
• Public instance view
• Cross-connect group EVPN instance view
• EVPN instance view
• VSI EVPN instance view
• VPN instance view
• VPN instance IPv4 address family view
• VPN instance IPv6 address family view
• VPN instance EVPN view
• Public instance view
• Public instance IPv4 address family view
• Public instance IPv6 address family view
Route targets • Public instance EVPN view
• Cross-connect group EVPN instance view
NOTE:
Route targets configured in VPN instance view apply to IPv4 VPN, IPv6 VPN, and
EVPN. Route targets configured in IPv4 address family view apply only to IPv4 VPN.
Route targets configured in IPv6 address family view apply only to IPv6 VPN. Route
targets configured in VPN instance EVPN view apply only to EVPN. Route targets
configured in IPv4 address family view, IPv6 address family view, or VPN instance
EVPN view take precedence over those in VPN instance view. The precedence order
for different views of a VPN instance also applies to the views of the public instance.

The device selects RDs and route targets for BGP EVPN routes by using the following rules:
• Ethernet auto-di scovery route s—The device uses the RD and route targets configured in VS I
EVPN instance view when advertising the routes. The device uses the route targets configured
in VSI EVPN instance view when accepting the routes.
• IMET routes and MAC/IP adverti sement route s that contain only MAC addresse s—The
device uses the RD and route targets configured in VSI EVPN instance view when advertising.

3
 The device uses the route targets configured in VSI EVPN instance view when accepting the
routes.
• MAC/IP advertisement routes that contain ARP or ND information—The device uses the
following settings when advertising the routes:
 RD and export route targets configured in VSI EVPN instance view.
 Export route targets configured for EVPN on a VPN instance or the public instance (VPN
instance view, EVPN view of a VPN instance or the public instance, and public instance
view).
The device uses the import route targets configured for EVPN on a VPN instance or the public
instance when accepting the routes.
• ES routes—The device uses the RD and export route targets configured in VSI EVPN instance
view when advertising the routes. The device uses the import route targets configured in VSI
EVPN instance view when accepting the routes.
• IP prefix advertisement routes—The devic e uses the route targets configured for the IP v4 or
IP v6 address family on a VP N instance or the public instance when advertising and accepting
the routes.

4
Contents
EVPN VXLAN overview········································································ 1
Network model ·································································································································· 1
Configuration automation···················································································································· 2
Assignment of traffic to VXLANs ·········································································································· 2
Traffic from the local site to a remote site ······················································································· 2
Traffic from a remote site to the local site ······················································································· 3
Layer 2 forwarding ····························································································································· 3
MAC learning ····························································································································· 3
Unicast······································································································································ 3
Flood ········································································································································ 4
Centralized EVPN gateway deployment ································································································ 5
Distributed EVPN gateway deployment ································································································· 6
About distributed EVPN gateway deployment·················································································· 6
Symmetric IRB ··························································································································· 7
Asymmetric IRB························································································································ 10
EVPN VXLAN multihoming················································································································ 11
About EVPN multihoming··········································································································· 11
DF election ······························································································································ 12
Split horizon····························································································································· 13
Redundancy mode···················································································································· 14
IP aliasing································································································································ 14
ARP and ND flood suppression·········································································································· 14
MAC mobility··································································································································· 15
EVPN M-LAG·································································································································· 16
About EVPN M-LAG·················································································································· 16
VM reachability information synchronization·················································································· 16
Virtual VTEP address ················································································································ 16
Independent BGP neighbor relationship establishment ··································································· 17
Site-facing link redundancy ········································································································ 17
Configuring EVPN VXLAN···································································· 0
EVPN VXLAN tasks at a glance ··········································································································0
Restrictions and guidelines: EVPN VXLAN configuration ········································································· 1
Setting the VXLAN hardware resource mode ························································································· 2
Configuring a VXLAN on a VSI ············································································································ 2
Restrictions and guidelines for VXLAN configuration on a VSI ··························································· 2
Creating a VXLAN on a VSI·········································································································· 2
Configuring VSI parameters ········································································································· 2
Configuring an EVPN instance············································································································· 3
About EVPN instance configuration ······························································································· 3
Restrictions and guidelines for EVPN instance configuration ····························································· 3
Configuring an EVPN instance created in system view ····································································· 4
Configuring an EVPN instance created in VSI view ·········································································· 4
Configuring EVPN multihoming············································································································ 5
Restrictions and guidelines for EVPN multihoming··········································································· 5
Assigning an ESI to an interface ··································································································· 5
Setting the DF election delay ········································································································ 5
Configuring FRR for EVPN VXLAN································································································ 6
Disabling advertisement of EVPN multihoming routes ······································································ 6
Configuring BGP to advertise BGP EVPN routes ···················································································· 7
Restrictions and guidelines for BGP EVPN route advertisement························································· 7
Enabling BGP to advertise BGP EVPN routes ················································································· 7
Configuring BGP EVPN route settings ··························································································· 7
Enabling the device to ignore default routes in route recursion························································· 11
Maintaining BGP sessions ········································································································· 11
Mapping ACs to a VSI ······················································································································ 12
Mapping a static Ethernet service instance to a VSI ······································································· 12

i
 Mapping dynamic Ethernet service instances to VSIs ···································································· 13
Configuring a centralized EVPN gateway···························································································· 14
Restrictions and guidelines for centralized EVPN gateway configuration··········································· 14
Prerequisites for centralized EVPN gateway configuration ······························································ 14
Configuring a centralized gateway interface ················································································· 14
Setting the static flag for the MAC addresses of centralized gateway interfaces ································· 15
Configuring a distributed EVPN gateway ···························································································· 15
Restrictions and guidelines for distributed EVPN gateway configuration ··········································· 15
Prerequisites for distributed EVPN gateway configuration ······························································ 16
Configuring the traffic forwarding mode for EVPN VXLAN ······························································ 16
Configuring a VSI interface ········································································································ 16
Configuring an L3 VXLAN ID for a VSI interface············································································ 18
Configuring IP prefix route advertisement····················································································· 20
Configuring BGP route exchange between the public instance and VPN instances ···························· 21
Configuring the EVPN global MAC address ················································································· 23
Disabling generation of IP prefix advertisement routes for the subnets of a VSI interface ···················· 24
Enabling a distributed EVPN gateway to send RA messages over VXLAN tunnels····························· 25
Enabling traffic statistics for the VSIs automatically created for L3 VXLAN IDs··································· 25
Enabling the device to advertise ARP information for the distributed EVPN gateway interfaces through
MAC/IP advertisement routes····································································································· 26
Managing remote MAC address entries and remote ARP or ND learning················································· 26
Disabling remote MAC address learning and remote ARP or ND learning········································· 26
Disabling MAC address advertisement ························································································ 27
Enabling MAC mobility event suppression ··················································································· 27
Disabling learning of MAC addresses from ARP or ND information ·················································· 28
Disabling ARP information advertisement ···················································································· 29
Enabling ND information advertisement ······················································································· 29
Disabling the VSI interface on a centralized EVPN gateway from learning ARP or ND information across
subnets ·································································································································· 30
Enabling ARP mobility event suppression ···················································································· 31
Enabling ND mobility event suppression ······················································································ 31
Enabling ARP request proxy ······································································································ 32
Enabling ND request proxy ········································································································ 33
Enabling conversational learning for forwarding entries ········································································· 34
About conversational learning for forwarding entries ······································································ 34
Restrictions and guidelines for enabling conversational learning for forwarding entries ······················· 34
Enabling conversational learning for remote MAC address entries··················································· 34
Enabling conversational learning for host route FIB entries····························································· 35
Enabling conversational learning for IPv6 host route FIB entries ····················································· 35
Configuring BGP EVPN route redistribution and advertisement ······························································ 36
Redistributing MAC/IP advertisement routes into BGP unicast routing tables ···································· 36
Setting the metric of BGP EVPN routes added to a VPN instance's routing table ······························· 37
Enabling BGP EVPN route advertisement to the local site ······························································ 37
Disabling flooding for a VSI ··············································································································· 38
Enabling ARP or ND flood suppression ······························································································ 39
Enabling packet statistics for VXLAN tunnels······················································································· 39
Testing the connectivity of a VXLAN tunnel ························································································· 40
Enabling overlay OAM ·············································································································· 40
Pinging a VXLAN tunnel destination···························································································· 40
Tracing the path to a VXLAN tunnel destination ············································································ 41
Enabling SNMP notifications for EVPN ······························································································· 42
Configuring EVPN M-LAG ················································································································ 42
About this task························································································································· 42
Restrictions and guidelines ········································································································ 43
Prerequisites ··························································································································· 44
Procedure (IPv4)······················································································································· 45
Procedure (IPv6)······················································································································· 46
Display and maintenance commands for EVPN ··················································································· 46
EVPN VXLAN configuration examples ······························································································· 49
Example: Configuring a centralized EVPN gateway······································································· 49
Example: Configuring distributed EVPN gateways in symmetric IRB mode (IPv4 underlay network) ····· 56
Example: Configuring distributed EVPN gateways in symmetric IRB mode (IPv6 underlay network) ····· 65

ii
Example: Configuring distributed IPv4 EVPN gateways in asymmetric IRB mode ······························· 75
Example: Configuring communication between EVPN networks and the public network ······················ 83
Example: Configuring IPv4 EVPN M-LAG with a direct peer link ······················································ 92
Example: Configuring IPv4 EVPN M-LAG with a tunnel peer link···················································· 105
Example: Configuring IPv4 EVPN multihoming············································································ 117

iii
EVPN VXLAN overview
EVPN V XLA N uses EVPN routes for automatic V XLA N tunnel establishment and assignment and
MAC reachability information advertisement in the control plane and us es V XLAN for forwarding in
the data plane.

Network model
As shown in Figure 1, EVPN uses the V XLAN technology for traffic forwarding in the data plane. The
transport edge devices assign user terminals to different V XLA Ns, and then forward traffic between
sites for user terminals by using VXLA N tunnels. The transport edge devices are V XLA N tunnel
endpoints (VTEPs).
The EVPN network sites and t ransport network can be IP v4 or IP v6 networks. Supported user
terminals include PCs, wireless terminals, and VMs on servers.

NOTE:
This document uses VMs as examples to describe the mechanisms of EVP N. The mec hanisms do
not differ between different kinds of user terminals.

A VTEP uses ESs, VSIs, and VXLAN tunnels to provide VXLAN services:
• Ethernet segment (ES)—An ES is a link that connects a site to a VTEP. Each ES is uniquely
identified by an Ethernet segment identifier (ESI).
• VSI—A virtual switch instance is a virtual Layer 2 switched domain. Each VSI provides
switching services only for one VXLAN. VSIs learn MAC addresses and forward frames
independently of one another. User terminals in different sites have Layer 2 connectivity if they
are in the same VXLAN. A VXLAN is identified by a 24-bit VXLAN ID which is also called the
virtual network identifier (VNI). A VXLAN corresponds to an EVPN instance.
• VXLAN tunnel—Logical point-to-point tunnels between VTEPs over the transport network.
Each VXLAN tunnel can trunk multiple VXLANs.
All V XLA N processing is performed on V TEPs. The ingress VTEP encapsulates V XLAN traffic in the
V XLA N, outer UDP, and outer IP headers, and forwards the traffic through V XLAN tunnels. The
egress VTEP removes the V XLA N encapsulation and forwards the traffic to the destination.
Trans port net work devic es (for example, the P device in Figure 1) forward V XLA N traffic only based
on the outer IP header of VXLAN packets.
Figure 1 EVPN network model

Terminal VSI/VXLAN 10 VSI/VXLAN 10 Terminal

Terminal VSI/VXLAN 20 VSI/VXLAN 20 Terminal

Terminal VSI/VXLAN 30 VSI/VXLAN 30 Terminal

VXLAN tunnel
ES ES
Site 1 Site 2

VTEP P VTEP
Transport
netw ork

1
Configuration automation
If EVPN is used for Layer 2 forwarding, VTEPs use the following BGP EVPN routes to discover
VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs:
• IMET route—VTEPs advertise the VXLAN IDs they have through IMET routes. If two VTEPs
have the same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel
to the VXLAN.
• MAC/IP advertisement route—VTEPs advertise local MAC addresses and VXLAN IDs
through MAC/IP advertisement routes. If two VTEPs have the same VXLAN ID, they
automatically establish a VXLAN tunnel and assign the tunnel to the VXLAN.
If EVPN is used for Layer 3 forwarding, VTEPs use the following BGP EVPN routes to discover
VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs:
• IMET route—VTEPs advertise the VXLAN IDs they have through IMET routes. If two VTEPs
have the same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel
to the VXLAN.
• MAC/IP advertisement route and IP prefix advertisement route —In the EVPN gateway
deployment, VTEPs advertise MAC/IP advertisement routes or IP prefix advertisement routes
with the export targets. When a VTEP receives a route, it compares the export targets of the
route with the local import targets. If the route targets match, the VTEP establishes a VXLAN
tunnel with the remote VTEP and associates the tunnel with the L3 VXLAN ID of the
corresponding VPN instance. For more information about the L3 VXLAN ID, see " Distributed
EVPN gateway deployment."

Assignment of traffic to VXLANs

Traffic from the local site to a remote site
The V TEP uses an Ethernet service instanc e to match customer traffic on a site-facing interface. The
VTEP assigns customer traffic to a VXLAN by mapping the Ethernet service instance to a VSI.
An Ethernet service instance is identical to an attachment circuit (A C) in L2VPN. An Ethernet servic e
instance matches a list of VLA Ns on a Layer 2 Ethernet interface by using a frame match criterion.
The frame match criterion specifies the characteristics of traffic from the VLA Ns, such as tagging
status and VLAN IDs.
As shown in Figure 2, Ethernet service instance 1 matches V LAN 2 and is mapped to VSI A (V XLA N
10). When a frame from VLA N 2 arrives, the V TEP assigns the frame to V XLA N 10, and looks up VS I
A's MAC address table for the outgoing interface.
Figure 2 Identifying traffic from the local site

VTEP
Serv ice instance 1:
Server VLAN 2 VSI A
VXLAN 10
VLAN 2
VM 1
Serv ice instance 2:
VLAN 3 VLAN 3 VSI B
VM 2
VXLAN 20
VLAN 4
VM 3 Serv ice instance 3:
VLAN 4 VSI C
VXLAN 30

2
Traffic from a remote site to the local site
When a V XLAN packet arrives at a V XLAN tunnel interface, the V TEP uses the V XLAN ID in the
packet to identify its VXLAN.

Layer 2 forwarding
MAC learning
The V TEP performs Layer 2 forwarding bas ed on a VS I's MA C address table. The V TEP learns MA C
addresses by using the following methods:
• Local MAC learning—The VTEP automatically learns the sourc e MAC addresses of frames
sent from the local site. The outgoing interfaces of local MA C address entries are site-facing
interfaces on which the MAC addresses are learned.
• Remote MAC learning—The VTEP uses MP-BGP to advertise local MAC reachability
information to remote sites and learn MAC reachability information from remote sites. The
outgoing interfaces of MAC address entries advertised from a remote site are VXLAN tunnel
interfaces.

Unicast
As shown in Figure 3, the VTEP performs typical Layer 2 forwarding for known unicast traffic within
the local site.
Figure 3 Intra-site unicast

VM 1 MAC table on VTEP 1

VXLAN/VSI MAC Interf ace

VM 2
VXLAN 10/VSI A MAC 1 Interf ace A, VLAN 2
VM 3
VXLAN 10/VSI A MAC 4 Interf ace B, VLAN 3

Server 1 VM 7
P
Interf ace A
VM 8

Interf ace B
VTEP 1 VXLAN tunnel VTEP 2 VM 9
VM 4
Transport
Server 3
VM 5 netw ork

VM 6

Server 2

As shown in Figure 4, the following process applies to a known unicast frame between sites:
1. The source VTEP encapsulates the Ethernet frame in the VXLAN/UDP/IP header.
In the outer IP header, the source IP address is the source VTEP's VXLAN tunnel source IP
address. The destination IP address is the VXLAN tunnel destination IP address.
2. The source VTEP forwards the encapsulated packet out of the outgoing VXLAN tunnel
interface found in the VSI's MAC address table.
3. The intermediate transport devices (P devices) forward the packet to the destination VTEP by
using the outer IP header.

3
 4. The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs
MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching
outgoing interface.
Figure 4 Inter-site unicast

VM 1 MAC table on VTEP 1

VXLAN/VSI MAC Interf ace

VM 2
VXLAN 10/VSI A MAC 1 Interf ace A, VLAN 2
VM 3
VXLAN 10/VSI A MAC 7 Tunnel 1

Server 1 VM 7
Interf ace A
VXLAN tunnel 1 VM 8

Interf ace B Interf ace A

VM 4 VTEP 1 P VTEP 2 VM 9
Transport
netw ork Server 3
VM 5
MAC table on VTEP 2
VM 6
VXLAN/VSI MAC Interf ace

Server 2 VXLAN 10/VSI A MAC 1 Tunnel 1

VXLAN 10/VSI A MAC 7 Interf ace A, VLAN 3

Flood
As shown in Figure 5, a VTEP floods a broadcast, multicast, or unknown unicast frame to all
site-facing interfaces and V XLAN tunnels in the V XLAN, except for the incoming int erface. The
source V TEP replicates the flood frame, and then sends one replica to the destination IP address of
each V XLAN tunnel in the V XLA N. Each destination V TEP floods the inner Ethernet frame to all the
site-facing interfaces in the V XLAN. To avoid loops, the destination VTEPs do not flood the frame to
VXLAN tunnels.

4
 Figure 5 Forwarding of flood traffic

VM 1

VM 2

VM 3
Transport network
Replicate and
Server 1 encapsulate VM 7

VXLAN tunnel VM 8

VTEP 1 P VTEP 2 VM 9
VM 4

Server 3
VM 5

VM 6 VTEP 3

Server 2
VM 10

VM 11

VM 12

Server 4

Centralized EVPN gateway deployment

IMPORTANT:
This section uses IPv4 sites as examples to describe the Layer 3 forwarding process of EVPN
networks. The Layer 3 forwarding process does not differ between IPv4 and IPv6 sites.

Cent ralized EVP N gateway deployment uses one V TEP to provide Lay er 3 forwarding for V XLANs.
The V TEP uses virtual Layer 3 VSI interfaces as gateway interfaces for V XLA Ns. Typically, the
gateway-collocated V TEP connects to other VTEPs and the external network. To use this design,
make sure the gateway has sufficient bandwidth and processing capability.
As shown in Figure 6, a V TEP acts as a gateway for VMs in t he V XLA Ns. The V TEP both terminates
the V XLANs and performs Layer 3 forwarding for the VMs. The network uses the following process
to forward Layer 3 traffic from a VM to the destination:
1. The VM sends an ARP request to obtain the MAC address of the VSI interface that acts as the
gateway, and then sends the Layer 3 traffic to the centralized EVPN gateway.
2. The local VTEP looks up the matching VSI's MAC address table and forwards the traffic to the
centralized EVPN gateway through a VXLAN tunnel.
3. The centralized EVPN gateway removes the VXLAN encapsulation and forwards the traffic at
Layer 3.
4. The centralized EVPN gateway forwards the replies sent by the destination node to the VM
based on the ARP entry for the VM.

5
 Figure 6 Example of centralized EVPN gateway deployment
10.1.1.11 10.1.1.12
VSI/VXLAN 10 VSI/VXLAN 10

20.1.1.11 20.1.1.12
VSI/VXLAN 20 VSI/VXLAN 20

30.1.1.11 30.1.1.12
VSI/VXLAN 30 VSI/VXLAN 30
Transport
network

VXLAN tunnel

P
VTEP 1 VTEP 2
Server Server

Site 1 Site 2
VTEP 3/Centralized EVPN gateway
VSI-interface10
VSI/VXLAN 10 10.1.1.1/24

VSI-interface20
VSI/VXLAN 20

VSI/VXLAN 30 VSI-interface30

L3 network

Distributed EVPN gateway deployment

IMPORTANT:
This section uses IPv4 sites as examples to describe the Layer 3 forwarding process of EVPN
networks. The Layer 3 forwarding process does not differ between IPv4 and IPv6 sites.

About distributed EVPN gateway deployment

As shown in Figure 7, each site's VTEP acts as a gateway to perform Layer 3 forwarding for the
VXLANs of the local site. A VTEP acts as a border gateway to the Layer 3 network for the VXLANs.

6
 Figure 7 Distributed EVPN gateway placement design

L3 netw ork

Border gateway

VTEP/Distributed
EVPN gateway
VTEP/Distributed VXLAN tunnel VXLAN tunnel VTEP/Distributed
EVPN gateway EVPN gateway

VTEP

Server Server Server Server Server Server

Site 1 Site 2 Site 3 Site 4 Site 5 Site 6

A distributed EVPN gateway supports the following traffic forwarding modes:

• Asymmetric IRB—The ingress gateway performs Layer 2 and Layer 3 lookups and the egress
gateway performs only Layer 2 forwarding.
• Symmetric IRB—Both the ingress and egress gateways perform Layer 2 and Layer 3 lookups.

Symmetric IRB
Basic concepts
Symmetric IRB introduces the following concepts:
• L3 VXLAN ID—Also called L3 VNI. An L3 VXLAN ID identifies the traffic of a routing domain
where devices have Layer 3 reachability. An L3 VXLAN ID is associated with one VPN instance.
Distributed EVPN gateways use VPN instances to isolate traffic of different services on VXLAN
tunnel interfaces.
• Router MAC address—Each distributed EVPN gateway has a unique router MAC address
used for inter-gateway forwarding. The MAC addresses in the inner Ethernet header of VXLAN
packets are router MAC addresses of distributed EVPN gateways.
VSI interfaces
As shown in Figure 8, each distributed EVPN gateway has the following types of VSI interfaces:
• VSI interface as a gateway interface of a VXLAN—The VSI interface acts as the gateway
interface for VMs in a VXLAN. The VSI interface is associated with a VSI and a VPN instance.
On different distributed EVPN gateways, the VSI interface of a VXLAN use the same IP address
to provide services.
• VSI interface associated with an L3 VXLAN ID—The VSI interface is associated with a VPN
instance and assigned an L3 V XLAN ID. VSI interfaces associated with the same VPN instance
share an L3 VXLAN ID.
A border gateway only has VSI interfaces that are associated with an L3 VXLAN ID.

7
 Figure 8 Example of distributed EVPN gateway deployment

VXLAN tunnel

Layer 3 forwarding entry learning

A distributed EVPN gateway forwards Layer 3 traffic based on FIB entries generat ed from BGP
EVPN routes and ARP information.
A VTEP advertises an external route imported in the EVPN address family through MP -B GP. A
remot e V TEP adds the rout e to the FIB table of a VP N instanc e based on the L3 V XLA N ID carried in
the route. In the FIB entry, the out going interface is a V XLA N tunnel interface, and the next hop is the
peer VTEP address in the NEXT_HOP attribute of the route.
A VTEP has the following types of ARP information:
• Local ARP information—ARP information of VMs in the local site. The VTEP snoops GARP
packets, RARP packets, and ARP requests for the gateway MAC address to learn the ARP
information of the senders and generates ARP entries and FIB entries. In an ARP or FIB entry,
the outgoing interface is the site-facing interface where the packet is received, and the VPN
instance is the instance associated with the corresponding VSI interface.
• Remote ARP information—ARP information of VMs in remote sites. Each VTEP uses
MP-BGP to advertise its local ARP information with L3 VXLAN IDs in routes to remote sites. A
VTEP generates only FIB entries for the remote ARP information. A FIB entry contains the
following information:
 Outgoing interface: VSI interface associated with the L3 VXLAN ID.
 Next hop: Peer VTEP address in the NEXT_HOP attribute of the route.
 VPN instance: VPN instance associated with the L3 VXLAN ID.
The VTEP then creates an ARP entry for the next hop in the FIB entry.
Traffic forwarding
A distributed EVPN gateway can work in one of the following mode:

8
• Switching and routing mode—Forwards Layer 2 traffic based on the MAC address table and
forwards Layer 3 traffic based on the FIB table. In this mode, you need to enable ARP flood
suppression on the distributed EVPN gateway to reduce flooding.
• Routing mode— Forwards both Layer 2 and Layer 3 traffic based on the FIB table. In this
mode, you need to enable local proxy ARP on the distributed EVPN gateway.
For more information about MAC address table-based Layer 2 forwarding, see "Unicast."
Figure 9 shows the intra-site Layer 3 forwarding process.
1. The source VM sends an ARP request to obtain the MAC address of the destination VM.
2. The gateway replies to the source VM with the MAC address of the VSI interface associated
with the source VM's VSI.
3. The source VM sends a Layer 3 packet to the gateway.
4. The gateway looks up the FIB table of the VPN instance associated with the source VM's VSI
and finds the matching outgoing site-facing interface.
5. The gateway processes the Ethernet header of the Layer 3 packet as follows:
 Replaces the destination MAC address with the destination VM's MAC address.
 Replaces the source MAC address with the VSI interface's MAC address.
6. The gateway forwards the Layer 3 packet to the destination VM.
Figure 9 Intra-site Layer 3 forwarding
GW IP
GW MAC (VSI interf ace MAC)
IP 1 IP 2
MAC 1 MAC 2
VM 1 VM 2

Server 1 GW 1 Server 2

DMAC: GW MAC DMAC: MAC 2

SMAC: MAC 1 SMAC: GW MAC
DIP: IP 2 DIP: IP 2
SIP: IP 1 SIP: IP 1
DATA DATA

Figure 10 shows the inter-site Layer 3 forwarding process.

1. The source VM sends an ARP request to obtain the MAC address of the destination VM.
2. The gateway replies to the source VM with the MAC address of the VSI interface associated
with the source VM's VSI.
3. The source VM sends a Layer 3 packet to the gateway.
4. The gateway looks up the FIB table of the VPN instance associated with the source VM's VSI
and finds the matching outgoing VSI interface.
5. The gateway processes the Ethernet header of the Layer 3 packet as follows:
 Replaces the destination MAC address with the destination gateway's router MAC address.
 Replaces the source MAC address with its own router MAC address.
6. The gateway adds VXLAN encapsulation to the Layer 3 packet and forwards the packet to the
destination gateway. The encapsulated VXLAN ID is the L3 VXLAN ID of the corresponding
VPN instance.
7. The destination gateway identifies the VPN instance of the packet based on the L3 VXLAN ID
and removes the VXLAN encapsulation. Then the gateway forwards the packet based on the
matching ARP entry.

9
 Figure 10 Inter-site Layer 3 forwarding
GW IP GW IP
GW MAC (VSI interf ace MAC) GW MAC (VSI interf ace MAC)
GW MAC 1 (Router MAC of GW 1) GW MAC 2 (Router MAC of GW 2)
VTEP IP 1 VTEP IP 2
L3VNI 100 L3VNI 100
IP 1 IP 2
MAC 1 MAC 2
VM 1 VM 2

Server 1 GW 1 P GW 2 Server 2
Transport
netw ork
DIP: VTEP IP 2
SIP: VTEP IP 1
VNI: 100

DMAC: GW MAC DMAC: GW MAC 2 DMAC: MAC 2

SMAC: MAC 1 SMAC: GW MAC 1 SMAC: GW MAC
DIP: IP 2 DIP: IP 2 DIP: IP 2
SIP: IP 1 SIP: IP 1 SIP: IP 1
DATA DATA DATA

Communication between private and public networks

A distributed EVPN gateway uses the public instance to perform Layer 3 forwarding for the public
network and to enable communication between private and public networks. The public instance is
similar to a VPN instanc e. A distributed EVPN gateway processes traffic of the public instance in the
same way it does for a VPN instanc e. For the public instance to work correctly, you must configure
an RD, an L3 V XLAN ID, and rout e targets for it. If a VSI interface is not associated with any VPN
instance, the VSI interface belongs to the public instance.

Asymmetric IRB
VSI interfaces
Asymmetric IRB uses the same distributed EVPN gateway deployment as symmetric IRB.
As shown in Figure 8, each distributed EVPN gateway has the following types of VSI interfaces:
• VSI interface as a gateway interface of a VXLAN—The VSI interface is associated with a VSI
and a VPN instance. On different distributed EVPN gateways, the VSI interface of a VXLAN
must use different IP addresses to provide services.
• VSI interface associated with an L3 VXLAN ID—The VSI interface acts as the gateway for
VMs in a VXLAN to communicate with the external network through the border gateway. The
VSI interface is associated with a VPN instance and assigned an L3 VXLAN ID. VSI interfaces
associated with the same VPN instance share an L3 VXLAN ID.
A border gateway only has VSI interfaces that are associated with an L3 VXLAN ID.
Layer 3 forwarding
Asymmetric IRB supports only Layer 3 forwarding in the same VXLAN on distributed EVPN
gateways.
After a distributed EVPN gateway learns ARP information about local VMs, it advertises the
information to other distributed EVPN gateways through MAC/ IP advertisement routes. Other
distributed EVPN gateways generate FIB entries based on the advertised ARP information.
As shown in Figure 11, VM 1 and VM 2 belong to V XLAN 10 and they can reach each other at Layer
3 through the distributed EVPN gateways. The distributed EVPN gateways use the following process
to perform Layer 3 forwarding in asymmetric IRB mode when VM 1 sends a packet to VM 2:

10
 1. After GW 1 receives the packet from VM 1, it finds that the destination MAC address is itself.
Then, GW 1 removes the Layer 2 frame header and looks up the FIB table for the destination IP
address.
2. GW 1 matches the packet to the FIB entry generated based on the ARP information of VM 2.
3. GW 1 encapsulates the packet source and destination MAC addresses as the MAC addresses
of GW 1 and VM 2, respectively. Then, GW 1 adds VXLAN encapsulation to the packet and
forwards the packet to GW 2 through a VXLAN tunnel.
4. GW 2 removes the VXLAN encapsulation from the packet, and performs Layer 2 forwarding in
VXLAN 10 by looking up the MAC address table for the destination MAC address.
5. GW 2 forwards the packet to VM 2 based on the MAC address table lookup result.
Figure 11 Layer 3 forwarding in the same VXLAN (asymmetric IRB)
VSI-int 1 VSI-int 1
VXLAN 10 VXLAN 10
GW IP 1 GW IP 2
IP 1 GW MAC 1 GW MAC 2 IP 2
MAC 1 MAC 2
VXLAN 10 VXLAN 10
VM 1 VM 2

GW 1 P GW 2
Transport network
DIP: Tunnel dst
SIP: Tunnel src
VNI: 10

DMAC: GW MAC 1 DMAC: MAC 2 DMAC: MAC 2

SMAC: MAC 1 SMAC: GW MAC 1 SMAC: GW MAC 1
DIP: IP 2 DIP: IP 2 DIP: IP 2
SIP: IP 1 SIP: IP 1 SIP: IP 1
Data Data Data

EVPN VXLAN multihoming

About EVPN multihoming

As shown in Figure 12, EVPN supports deploying multiple V TEPs at a site for redundancy and high
availability. On the redundant V TEPs, Ethernet links connected to the site form an Ethernet segment
(ES) that is uniquely identified by an Ethernet segment identifier (ESI).

11
 Figure 12 EVPN multihoming
VTEP 1

VXLAN tunnel
Transport
ES
network
P
VTEP 3
Server 1 Server 2

Site 1 Site 2

VTEP 2

DF election
To prevent redundant VTEPs from sending duplicate flood traffic to a multihomed site, a designated
forwarder (DF) is elected from the V TEPs for each A C to forward flood traffic to the AC. VTEPs that
fail the election are assigned the backup designated forwarder (BDF) role. BDFs of an AC do not
forward flood traffic to the AC.
A remote V TEP takes part in the DF election of a multihomed site. Redundant V TEPs of t he site send
Ethernet segment routes to the remote V TEP to advertise ES and V TEP IP mappings. Then, the
VTEPs select a DF for each AC based on the ES and V TEP IP mappings by using the following
procedure:
1. Arrange source IP addresses in Ethernet segment routes with the same ESI in ascending order
and assign a sequence number to each IP address, starting from 0.
2. Divide the lowest VLAN ID permitted on an AC by the number of the redundant VTEPs, and
match the reminder to the sequence numbers of IP addresses.
3. Assign the DF role to the VTEP that uses the IP address with the matching sequence number.
The following uses AC 1 in Figure 13 as an example to explain the DF election procedure:
1. VTEP 1 and VTEP 2 send Ethernet segment routes to VTEP 3.
2. Sequence numbers 0 and 1 are assigned to IP addresses 1.1.1.1 and 2.2.2.2 in the Ethernet
segment routes, respectively.
3. The VTEPs divide 4 (the lowest VLAN ID permitted by AC 1) by 2 (the number of redundant
VTEPs), and match the reminder 0 to the sequence numbers of the IP addresses.
4. The DF role is assigned to VTEP 1 at 1.1.1.1.

12
 Figure 13 DF election
Loop0
1.1.1.1/32
VTEP 1
AC 1 permits VLAN 4
DF of AC 1
AC 2 permits VLAN 7
VLAN 4
VLANs 4 and 7

Transport
ES
network
Flood traffic of
P VTEP 3 VLANs 4 and 7
Server 1 Server 2

VLAN 7 VLANs 4 and 7

Site 1 Site 2

VTEP 2
DF of AC 2
Loop0
2.2.2.2/32

Split horizon
In a multihomed site, a V TEP forwards multicast, broadc ast, and unknown unicast frames received
from ACs out of all site-facing interfaces and V XLAN tunnels in the corresponding V XLA N, except for
the incoming interface. As a result, the other V TEPs at the site receive these flood frames and
forward them to site-facing interfaces, which causes duplicate floods and loops. EVPN introduces
split horizon t o res olve this issue. Split horizon dis ables a V TEP from forwarding flood t raffic received
from another loc al V TEP to site-facing interfaces if an ES on that local V TEP has the same ES I as
these interfaces. As shown in Figure 14, both V TEP 1 and VTEP 2 have ES 1. When receiving flood
traffic from VTEP 1, VTEP 2 does not forward the traffic to interfaces with ESI 1.

13
 Figure 14 Split horizon

Flood traffic of ES 2
ES2 VTEP 1
Server 4 Flood traffic of ES 1

Site 4

VXLAN tunnel
ES1 Transport
netw ork
P VTEP 3
Server 1 Server 2

Site 1 Site 2

VTEP 2

Server 3

Site 3

Redundancy mode
The device supports the all-active redundancy mode of EVPN multihoming. This mode allows all
redundant VTEPs at a multihomed site to forward broadcast, multicast, and unknown unicast traffic.
• For flood frames received from remotes sites, a VTEP forwards them to the ACs of which it is
the DF.
• For flood frames received from the local site, a VTEP forwards them out of all site-facing
interfaces and VXLAN tunnels in the corresponding VXLAN, except for the incoming interfaces.
For flood frames to be sent out of a VXLAN tunnel interface, a VTEP replicates each flood frame
and sends one replica to all the other VTEPs in the corresponding VXLAN.

IP aliasing
In all-active redundancy mode, all redundant VTEPs of an ES advertise the ES to remote V TEPs
through MP-B GP. IP aliasing allows a remot e VTEP to add the IP addresses of all the redundant
VTEPs as the next hops for the MAC or ARP information received from o ne of these VTEPs. This
mechanism creates ECMP routes between the remote VTEP and the redundant VTEPs.

ARP and ND flood suppression

ARP or ND flood suppression reduces A RP request broadcasts or ND request multicasts by
enabling the VTEP to reply to ARP or ND requests on behalf of VMs.
As shown in Figure 15, this feature snoops ARP or ND requests, ARP or ND res ponses, and B GP
EVPN routes to populate the ARP or ND flood suppression table with local and remote MAC

14
 addresses. If an ARP or ND request has a matching entry, the VTEP replies to the request on behalf
of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Figure 15 ARP and ND flood suppression

VM 1

VM 2
(1)
Transport network
VM 3 (6)

(2)
Server 1 VM 7
(3)
(5)
(4) VM 8
(2)
(7)
VTEP 1 P VTEP 2 VM 9
VM 4
(8) (2)
Server 3
VM 5

VTEP 3
VM 6 (3) (9) (10)

Server 2
VM 10

VM 11

VM 12

Server 4

The following uses ARP flood suppression as an example to explain the flood suppression workflow:
1. VM 1 sends an ARP request to obtain the MAC address of VM 7.
2. VTEP 1 creates a suppression entry for VM 1, floods the ARP request in the VXLAN, and sends
the suppression entry to VTEP 2 and VTEP 3 through BGP EVPN.
3. VTEP 2 and VTEP 3 de-encapsulate the ARP request and broadcast the request in the local
site.
4. VM 7 sends an ARP reply.
5. VTEP 2 creates a suppression entry for VM 7, forwards the ARP reply to VTEP 1, and sends the
suppression entry to VTEP 1 and VTEP 3 through BGP EVPN.
6. VTEP 1 de-encapsulates the ARP reply and forwards the ARP reply to VM 1.
7. VM 4 sends an ARP request to obtain the MAC address of VM 1.
8. VTEP 1 creates a suppression entry for VM 4 and replies to the ARP request.
9. VM 10 sends an ARP request to obtain the MAC address of VM 1.
10. VTEP 3 creates a suppression entry for VM 10 and replies to the ARP request.

MAC mobility
MAC mobility refers to that a VM or host moves from one ES to another. The source VTEP is
unaware of t he MA C move event. To notify other V TEPs of the change, the destination V TEP
advertises a MAC/IP advertisement route for t he MAC address. The s ourc e V TEP withdraws the old
route for the MA C address after receiving the new route. The MA C/IP advertisement route has a
sequence number that increases when the MAC address moves. The sequence number identifies
the most recent move if the MAC address moves multiple times.

15
EVPN M-LAG
IMPORTANT:
You can use EVPN M-LAG on IPv4 sites extended by IPv4 underlay networks or on IPv6 sites
extended by IPv6 underlay networks.

About EVPN M-LAG

As shown in Figure 16, EVPN multichassis link aggregation (M-LAG) virtualizes two V TEPs or EVP N
gateways into one M-LA G system through M-LA G to avoid single points of failure. The V TEPs or
EVPN gateways are called M-LA G member devices. For more information about M-LAG, see Layer
2—LAN Switching Configuration Guide.
Figure 16 EVPN M-LAG
VTEP

Transport
netw ork

Peer link
VTEP VTEP
Agg2 Agg1
Agg1 Agg2

Site 1 Site 2

Server 1 Server 2 Server 1 Server 2

VM reachability information synchronization

To ensure VM reachability information consistency in the M-LAG system, the M-LAG member
devic es synchronize MA C address entries and A RP or ND information with each other through a
peer link. The peer link can be an Ethernet aggregate link or a V XLAN tunnel, which are referred to
as direct peer link and tunnel peer link, respectively.

IMPORTANT:
The VXLAN tunnel that acts as the peer link is automatically associated with all VXLANs on each
M-LAG member device.

Virtual VTEP address

The M-LAG member devices use a virtual VTEP address to set up VXLAN tunnels with remote
VTEPs or EVPN gateways.

16
Independent BGP neighbor relationship establishment
The M-LAG member devices use different BGP peer addresses to establish neighbor relationships
with remote devices. For load sharing and link redundancy, a neighbor sends traffic destined for the
virtual V TEP address to both of the M-LAG member devic es through ECMP routes of the underlay
network.

Site-facing link redundancy

IMPORTANT:
This mechanism ensures service continuity in case of site-facing AC failure.

As shown in Figure 16, a VM accesses the EVPN network through multiple Ethernet links that
connect to the V TEPs. On each V TEP, all site-facing Ethernet links are assigned to a Layer 2
aggregation group for high availability. On the corresponding Layer 2 aggregate interfaces, Ethernet
service instances are configured as ACs of VXLANs to match customer traffic.
Link redundancy mechanism for a direct peer link
If the peer link is an Ethernet aggregate link, each VTEP in the M-LAG system creates dynamic ACs
on the peer-link interface by using one of the following methods:
• Creation based on site-facing ACs—When a site-facing AC is created, a VTEP automatically
creates an AC on the peer-link interface. The automatically created AC uses the same traffic
match criterion as the site-facing AC and is mapped to the same VSI as the site-facing AC.
• Creation based on VXLAN IDs—When a VXLAN is created, a VTEP automatically creates an
AC on the peer-link interface. The automatically created AC uses a frame match criterion
generated based on the VXLAN ID and is mapped to the VSI of the VXLAN.
When a site-facing A C goes down, traffic that a remote devic e sends to the A C is forwarded to the
other M-LA G member device through t he peer link. The other M-LAG member device identifies the
VSI of the traffic and forwards the traffic to the destination.
Link redundancy mechanism for a tunnel peer link
If a site-facing A C on an M-LAG member device is down, traffic received from a V XLAN tunnel and
destined for the AC will be enc apsulat ed into V XLA N packets. The V XLAN ID belongs to the V XLA N
that is associated with t he VSI of the site-facing A C. The M -LAG member device forwards the
V XLA N packets through the tunnel peer link to the peer M-LAG member device. The peer M-LA G
member device assigns the traffic to the correct VSI based on the VXLAN ID in the received packets.

17
Configuring EVPN VXLAN
EVPN VXLAN tasks at a glance
To configure EVPN VXLAN, perform the following tasks:
1. Setting the VXLAN hardware resource mode
2. Configuring a VXLAN on a VSI
a. Creating a VXLAN on a VSI
b. (Optional.) Configuring VSI parameters
3. Configuring an EVPN instance
4. (Optional.) Configuring EVPN multihoming
a. Assigning an ESI to an interface
b. (Optional.) Setting the DF election delay
c. (Optional.) Configuring FRR for EVPN VXLAN
d. Disabling advertisement of EVPN multihoming routes
5. Configuring BGP to advertise BGP EVPN routes
a. Enabling BGP to advertise BGP EVPN routes
b. (Optional.) Configuring BGP EVPN route settings
c. (Optional.) Enabling the device to ignore default routes in route recursion
d. (Optional.) Maintaining BGP sessions
6. Mapping ACs to a VSI
7. Configuring an EVPN gateway
Choose one of the following tasks:
 Configuring a centralized EVPN gateway
 Configuring a distributed EVPN gateway
8. (Optional.) Managing remote MAC address entries and remote ARP or ND learning
 Disabling remote MAC address learning and remote ARP or ND learning
 Disabling MAC address advertisement
 Enabling MAC mobility event suppression
 Disabling learning of MAC addresses from ARP or ND information
 Disabling ARP information advertisement
 Enabling ND information advertisement
 Disabling the VSI interface on a centralized EVPN gateway from learning ARP or ND
information across subnets
 Enabling ARP mobility event suppression
 Enabling ND mobility event suppression
 Enabling ARP request proxy
 Enabling ND request proxy
9. (Optional.) Enabling conversational learning for forwarding entries
To save device hardware resources, remote MAC entries, host route FIB entries, and remote
ARP entries are issued to the hardware only when the entries are required for packet
forwarding.
 Enabling conversational learning for remote MAC address entries

0
  Enabling conversational learning for host route FIB entries
 Enabling conversational learning for IPv6 host route FIB entries
10. (Optional.) Configuring BGP EVPN route redistribution and advertisement
 Redistributing MAC/IP advertisement routes into BGP unicast routing tables
 Setting the metric of BGP EVPN routes added to a VPN instance's routing table
 Enabling BGP EVPN route advertisement to the local site
11. (Optional.) Maintaining and optimizing an EVPN network
 Disabling flooding for a VSI
 Enabling ARP or ND flood suppression
 Enabling packet statistics for VXLAN tunnels
 Testing the connectivity of a VXLAN tunnel
 Enabling SNMP notifications for EVPN
12. (Optional.) Configuring EVPN M-LAG
Perform this task to virtualize two VTEPs or EVPN gateways into one M-LAG system to avoid
single points of failure.

Restrictions and guidelines: EVPN VXLAN

configuration
Make sure the following VXLAN tunnels are not associated with the same VXLAN when they have
the same tunnel destination IP address:
• A VXLAN tunnel automatically created by EVPN.
• A manually created VXLAN tunnel.
For more information about manual tunnel configuration, see VXLAN Configuration Guide.
To use multiport multicast MAC address entries in an EVPN network, make sure the VTEPs support
multiport multicast MAC address entries. If a VTEP does not support multiport multicast MAC
address entries, it cannot synchronize or creat e multiport multicast MAC address entries with peer
VTEPs.
As a best practice to ensure correct traffic forwarding, configure the same MAC address for all VSI
interfaces on an EVPN gateway.
If an Ethernet service instance in VLA N access mode matches both CVLA N and SVLAN IDs, when
the VTEP communicates with remote VTEPs at Layer 3, the inner Ethernet header of V XLA N
packets carries CVLAN tags.
If two tiers of spine devices act as RRs in the transport network, execute t he peer
route-update-interval command to speed up network convergence after device or link
failure occurs. For more information about this command, see BGP commands in Layer 3—IP
Routing Command Reference.
In an EVPN multicast network, do not configure one of the following features for one VSI and the
other feature for another VSI:
• Layer 2 multicast MAC forwarding mode.
• Layer 2 multicast IP forwarding mode or Layer 3 multicast.
For more information about the Layer 2 multicast forwarding mode, see IGMP snooping
configuration in IP Multicast Configuration Guide.

1
Setting the VXLAN hardware resource mode
About this task
The device supports the following VXLAN hardware resource modes:
• l2gw—Layer 2 gateway mode.
• l3gw—Layer 3 gateway mode.
You must set the VXLAN hardware resource mode to l3gw on EDs of a VXLAN-DCI network.

Restrictions and guidelines

For the hardware resource mode to take effect, you must reboot the device.
Procedure
1. Enter system view.
system-view
2. Set the VXLAN hardware resource mode.
hardware-resource vxlan { l2gw | l3gw }
By default, the VXLAN hardware resource mode is l2gw.
For more information about this command, see VXLAN Command Reference.

Configuring a VXLAN on a VSI

Restrictions and guidelines for VXLAN configuration on a VSI
For more information about the VXLAN commands in this task, see VXLAN Command Reference.

Creating a VXLAN on a VSI

1. Enter system view.
system-view
2. Enable L2VPN.
l2vpn enable
By default, L2VPN is disabled.
3. Create a VSI and enter VSI view.
vsi vsi-name
4. Enable the VSI.
undo shutdown
By default, a VSI is enabled.
5. Create a VXLAN and enter VXLAN view.
vxlan vxlan-id
You can create only one VXLAN on a VSI. The VXLAN ID must be unique for each VSI.

Configuring VSI parameters

1. Enter system view.
system-view

2
 2. Enter VSI view.
vsi vsi-name
3. Configure a VSI description.
description text
By default, a VSI does not have a description.
4. Set the MTU for the VSI.
mtu size
The default MTU is 1500 bytes for a VSI.
5. Set the maximum bandwidth for known unicast traffic of the VSI.
bandwidth bandwidth
By default, the maximum bandwidth is not limited for known unicast traffic of a VSI.
6. Set the broadcast, unknown multicast, or unknown unicast restraint bandwidth for the VSI.
restrain { broadcast | multicast | unknown-unicast } bandwidth
By default, a VSI's broadcast restraint bandwidth, unknown multicast restraint bandwidth, and
unknown unicast restraint bandwidth are not set.
7. Enable MAC address learning for the VSI.
mac-learning enable
By default, MAC address learning is enabled for a VSI.
8. (Optional.) Set a limit for the VSI's MAC address table.
mac-table limit mac-limit
By default, no limit is set for a VSI's MAC address table.
9. (Optional.) Enable the VSI to drop source-unknown unicast frames if the MAC address table is
full.
mac-table limit drop-unknown
By default, the VSI forwards source-unknown unicast frames without learning the source MAC
address if the MAC address table is full.

Configuring an EVPN instance

About EVPN instance configuration
If a V XLAN requires only Layer 2 connectivity, you do not need to associate a VPN instance with it.
The BGP EVPN routes advertised by a VTEP carry the RD and route targets configured for the
EVPN instance associated with the VXLAN.
Use one of the following methods to create an EVPN instance:
• Create an EVPN instance in system view—You can bind an EVPN instance created in
system view to multiple VSIs to simplify configuration.
• Create an EVPN instance on a VSI—An EVPN instance created in VSI view is automatically
bound with the VSI.

Restrictions and guidelines for EVPN instance configuration

You can bind a VSI only to one EVPN instance.
If you have created an EVPN instance in VSI view for a VSI, you cannot bind the VSI to an EVPN
instance created in system view. If you have bound a VSI to an EVPN instance created in system
view, you cannot create an EVPN instance in VSI view for the VSI.

3
Configuring an EVPN instance created in system view
1. Enter system view.
system-view
2. Create an EVPN instance and enter its view.
evpn instance instance-name
3. Configure an RD for the EVPN instance.
route-distinguisher route-distinguisher
By default, no RD is configured for an EVPN instance.
4. Configure route targets for the EVPN instance.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, an EVPN instance does not have route targets.
Make sure the following requirements are met:
 The import targets of the EVPN instance do not match the export targets of the VPN instance
associated with the VXLAN or the public instance.
 The export targets of the EVPN instance do not match the import targets of the VPN instance
associated with the VXLAN or the public instance.
For more information about VPN instance configuration and public instance configuration, see
"Configuring an L3 VXLAN ID for a VSI interface."
5. Return to system view.
quit
6. Enter VSI view.
vsi vsi-name
7. Bind the VSI to the EVPN instance.
evpn encapsulation vxlan binding instance instance-name vsi-tag
{ tag-id | auto-vxlan }
By default, a VSI is not bound to an EVPN instance created in system view.

Configuring an EVPN instance created in VSI view

1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Create an EVPN instance and enter EVPN instance view.
evpn encapsulation vxlan
4. Configure an RD for the EVPN instance.
route-distinguisher { route-distinguisher | auto [ router-id ] }
By default, no RD is configured for an EVPN instance.
5. Configure route targets for the EVPN instance.
vpn-target { vpn-target&<1-8> | auto } [ both | export-extcommunity |
import-extcommunity ]
By default, an EVPN instance does not have route targets.
Make sure the following requirements are met:

4
  The import targets of the EVPN instance do not match the export targets of the VPN instance
associated with the VXLAN or the public instance.
 The export targets of the EVPN instance do not match the import targets of the VPN instance
associated with the VXLAN or the public instance.
For more information about VPN instance configuration and public instance configuration, see
"Configuring an L3 VXLAN ID for a VSI interface."

Configuring EVPN multihoming

Restrictions and guidelines for EVPN multihoming
In a multihomed site, AC configuration and V XLA N IDs must be consistent on redundant V TEPs of
the same ES. For each V XLA N ID, you must configure unique RDs for the EVPN instance of VS Is on
the redundant V TEPs. You must configure different RDs for the VPN instances and the public
instance that use the same VXLAN IP gateway.
IRF and EVPN multihoming are mutually exclusive. Do not configure them together on the device.

Assigning an ESI to an interface

About this task
An ESI uniquely identifies an ES. The links on interfaces with the same ES I belong to the same ES.
Traffic of the ES can be distributed among the links for load sharing.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
 Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
 Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
 Enter Layer 3 Ethernet interface view.
interface interface-type interface-number
 Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Assign an ESI to the interface.
esi esi-id
By default, no ESI is assigned to an interface.

Setting the DF election delay

About this task
The DF election can be triggered by site-facing interface status changes, redundant V TEP
membership changes, and interfac e ESI changes. To prevent frequent DF elections from degrading
network performance, set the DF election delay. The DF election delay defines the minimum interval
allowed between two DF elections.

5
Procedure
1. Enter system view.
system-view
2. Set the DF election delay.
evpn multihoming timer df-delay delay-value
By default, the DF election delay is 3 seconds.

Configuring FRR for EVPN VXLAN

About this task
Local FRR enables two V TEPs at a multihomed EVPN V XLAN network site to set up a bypass
VXLAN tunnel between them. This feature helps reduce the traffic loss caused by AC failure.
Procecure
1. Enter system view.
system-view
2. Enable local FRR globally for EVPN VXLAN.
evpn multihoming vxlan-frr local
By default, local FRR is disabled globally for EVPN VXLAN.

Disabling advertisement of EVPN multihoming routes

About this task
EVPN multihoming routes include Ethernet auto-discovery routes and Ethernet segment routes.
In a multihomed EVPN network, perform this task on a redundant VTEP before you reboot it. This
operation allows ot her V TEPs to refresh their EVP N routing table to prevent traffic interruption
caused by the reboot.
Restrictions and guidelines
Do not perform this task on V TEPs at a multihomed EVPN V XLAN site if EVP N forwards multicast
traffic based on SME T, IGMP join sync, and IGMP leave sync routes. Violation of this restriction
might cause multicast forwarding errors.
Procedure
1. Enter system view.
system-view
2. Disable advertisement of EVPN multihoming routes and withdraw the EVPN multihoming
routes that have been advertised to remote sites.
evpn multihoming advertise disable
By default, the device advertises EVPN multihoming routes.

6
Configuring BGP to advertise BGP EVPN routes
Restrictions and guidelines for BGP EVPN route
advertisement
For more information about BGP commands in this task, see Layer 3—IP Routing Command
Reference.

Enabling BGP to advertise BGP EVPN routes

1. Enter system view.
system-view
2. Configure a global router ID.
router id router-id
By default, no global router ID is configured.
3. Enable a BGP instance and enter BGP instance view.
bgp as-number [ instance instance-name ]
By default, BGP is disabled and no BGP instances exist.
4. Specify remote VTEPs as BGP peers.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } as-number as-number
5. Create the BGP EVPN address family and enter BGP EVPN address family view.
address-family l2vpn evpn
6. Enable BGP to exchange BGP EVPN routes with a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } enable
By default, BGP does not exchange BGP EVPN routes with peers.

Configuring BGP EVPN route settings

Configuring BGP EVPN to advertise default routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Advertise a default route to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } default-route-advertise { ipv4 | ipv6 }
vpn-instance vpn-instance-name
By default, no default route is advertised to any peers or peer groups.
Configuring attributes of BGP EVPN routes
1. Enter system view.

7
 system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Permit the local AS number to appear in routes from a peer or peer group and set the number of
appearances.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed in routes from peers.
5. Configure the device to not change the next hop of routes advertised to an EBGP peer or peer
group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } next-hop-invariable
By default, the device uses its address as the next hop of routes advertised to EBGP peers.
6. Advertise the COMMUNITY attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } advertise-community
By default, the device does not advertise the COMMUNITY attribute to peers or peer groups.
7. Remove the default-gateway extended community attribute from the EVPN gateway routes
advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } default-gateway no-advertise
By default, EVPN gateway routes advertised to peers and peer groups contain the
default-gateway extended community attribute.
8. Configure the device to advertise BGP routes with the lowest priority to peers. Choose one of
the following options:
 Configure the device to advertise BGP routes with the lowest priority to a peer within a
specified period of time after the peer goes down.
advertise lowest-priority on-peer-up duration seconds
 Configure the device to advertise BGP routes with the lowest priority to peers within a
specified period of time after the BGP process restarts because of a device reboot.
advertise lowest-priority on-startup duration seconds
By default, the device does not change the priority of the BGP routes advertised to peers.
To set the priority of BGP routes to the lowest, the device sets the local preference and MED
value of the BGP routes to 0 and 4294967295, respectively. To restore the original priority of
the BGP routes during the specified duration, execute the reset bgp advertise
lowest-priority command in user view.
Configuring optimal BGP EVPN route selection
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure BGP to prefer routes with an IPv6 next hop during optimal route selection.
bestroute ipv6-nexthop

8
 By default, BGP prefer routes with an IPv4 next hop during optimal route selection.
5. (Optional.) Set the optimal route selection delay timer.
route-select delay delay-value
By default, the optimal route selection delay timer is 0 seconds, which means optimal route
selection is not delayed.
Configuring BGP route reflection
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the device as an RR and specify a peer or peer group as its client.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } reflect-client
By default, no RR or client is configured.
5. (Optional.) Enable BGP EVPN route reflection between clients.
reflect between-clients
By default, BGP EVPN route reflection between clients is enabled.
6. (Optional.) Configure the cluster ID of the RR.
reflector cluster-id { cluster-id | ipv4-address }
By default, an RR uses its own router ID as the cluster ID.
7. (Optional.) Create a reflection policy for the RR to filter reflected BGP EVPN routes.
rr-filter ext-comm-list-number
By default, an RR does not filter reflected BGP EVPN routes.
8. (Optional.) Enable the RR to change the attributes of routes to be reflected.
reflect change-path-attribute
By default, an RR cannot change the attributes of routes to be reflected.
Configuring the route server feature
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the device as a route server and specify a peer or peer group as a client.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } route-server-client [ external ]
By default, neither the route server nor the client is configured.
The packets advertised to the clients does not carry the AS number of the route server. To
avoid peer establishment failures, execute the peer ignore-first-as command on the
clients.
Filtering BGP EVPN routes
1. Enter system view.

9
 system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Apply a routing policy to routes received from or advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } route-policy route-policy-name { export | import }
By default, no routing policies are applied to routes received from or advertised to peers or peer
groups.
5. Configure Layer 2 ACL-based route filtering.
 Filter routes for a peer or peer group by using a Layer 2 ACL.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } filter-policy { mac-acl-number | name
mac-acl-name } { export | import }
 Filter all advertised routes.
filter-policy { mac-acl-number | name mac-acl-name } export
 Filter all received routes.
filter-policy { mac-acl-number | name mac-acl-name } import
By default, Layer 2 ACL-based route filtering is not configured for a peer or peer group.
In a Layer 2 ACL, only the rule [ rule-id ] { deny | permit } dest-mac
dest-address dest-mask rule is used to filter MAC/IP advertisement routes that carry the
specified MAC addresses. The other rules in a Layer 2 ACL do not take effect in routing filtering.
6. Enable route target filtering for BGP EVPN routes.
policy vpn-target
By default, route target filtering is enabled for BGP EVPN routes.
7. Enable the device to filter advertised objects based on the first AS number in EBGP routes.
peer-as-check enable
By default, the device advertises a received EBGP route to all BGP peers except the peer that
sends the EBGP route.
After you execute this command, the device checks the first AS number in the AS_Path
attribute of an EBGP route when advertising the EBGP route to EBGP peers. The device will
not advertise the EBGP route to the EBGP peers in that AS.
Configuring the BGP Additional Paths feature
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the BGP Additional Paths capabilities.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } additional-paths { receive | send } *
By default, no BGP Additional Paths capabilities are configured.
5. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer
group.

10
 peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } advertise additional-paths best number
By default, a maximum of one Add-Path optimal route can be advertised to a peer or peer
group.
6. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.
additional-paths select-best best-number
By default, a maximum of one Add-Path optimal route can be advertised to all peers.

Enabling the device to ignore default routes in route recursion

About this task
By default, the device selects a default rout e to forward traffic if only the default route is obtained
after BGP route recursion. If the default route does not point to the desired next hop, traffic
forwarding will fail.
To resolve this issue, enable the device to ignore default routes in route recursion. If only the default
route is obtained after route recursion is performed for a B GP route, that BGP route becomes invalid,
and other BGP routes with the same prefix are selected for forwarding.
Enable this feature if multiple links exist between the device and a destination IP address. If one of
the links fail, traffic will be s witched to the other available links instead of being incorrectly forwarded
based on a default route.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable the device to ignore default routes in route recursion.
nexthop recursive-lookup default-route ignore [ route-policy
route-policy-name ]
By default, the device can select a default route for forwarding after performing route recursion.

CAUTION:
After you execute this command, VXLAN tunnels might be reestablished, and transient VXLAN
traffic loss might occur. As a best practice, enable BGP EVPN route reception and
advertisement again after you execute this command.

Maintaining BGP sessions

Perform the following tasks in user view:
• Reset BGP sessions of the BGP EVPN address family.
reset bgp [ instance instance-name ] { as-number | ipv4-address
[ mask-length ] | ipv6-address [ prefix-length ] | all | external | group
group-name | internal } l2vpn evpn
• Soft-reset BGP sessions of the BGP EVPN address family.

11
 refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ]
| ipv6-address [ prefix-length ] | all | external | group group-name |
internal } { export | import } l2vpn evpn

Mapping ACs to a VSI

Mapping a static Ethernet service instance to a VSI
About this task
A static Ethernet service instance matches a list of V LANs on a site-facing interface by using a frame
match criterion. The VTEP assigns traffic from the VLANs to a VXLA N by mapping the Ethernet
service instance to a VSI. The VSI performs Layer 2 forwarding for the VLANs based on its MAC
address table.
For more information about the VXLAN commands in this task, see VXLAN Command Reference.
Restrictions and guidelines
Ethernet service instance bindings of VSIs are mutually exclusive with port bridging, QinQ, and
VLAN mapping on a Layer 2 Ethernet interface or Layer 2 aggregate int erface. Do not configure
these features simultaneously on the same interface. Otherwise, the features cannot take effect.
Make sure the VLANs that Ethernet service instances match have been created on the device, and
the interfaces where the Ethernet service instances are have been assigned to these VLANs.
After you assign an interface to a Layer 2 aggregation group, the Ethernet service instances on the
interface go down and do not take effect. The Ethernet service instances take effect after the
interface is removed from the Layer 2 aggregation group.
If an Ethernet servic e instance matches both inner and out er VLAN IDs on an interface, do not
configure any other Ethernet service instances to match the same outer VLAN ID on that interface.
For information about the frame match criterion configuration restrictions and guidelines of Ethernet
service instances, see VXLAN Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
 Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
 Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Create an Ethernet service instance and enter Ethernet service instance view.
service-instance instance-id
4. Choose one option to configure a frame match criterion.
 Match frames with the specified outer VLAN tags.
encapsulation s-vid vlan-id [ only-tagged ]
encapsulation s-vid vlan-id-list
 Match frames with the specified inner and outer VLAN tags.
encapsulation s-vid vlan-id-list c-vid vlan-id
encapsulation s-vid vlan-id c-vid { vlan-id | all }
 Match any VLAN tagged or untagged frames.

12
 encapsulation { tagged | untagged }
 Match frames that do not match any other service instance on the interface.
encapsulation default
An interface can contain only one Ethernet service instance that uses the
encapsulation default criterion.
An Ethernet service instance that uses the encapsulation default criterion matches
any frames if it is the only instance on the interface.
By default, an Ethernet service instance does not contain a frame match criterion.
5. Map the Ethernet service instance to a VSI.
xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] [ track
track-entry-number&<1-3> ]
By default, an Ethernet service instance is not mapped to any VSI.

Mapping dynamic Ethernet service instances to VSIs

About this task
The 802.1X or MAC authentication feat ure can use the authorization VSI, the guest VSI, the
Auth-Fail VSI, and the critical VSI to control the access of users to network resources. When
assigning a user to a VS I, 802.1X or MAC authentication sends the V XLA N feature the VS I
information and the us er's access information, including access interface, VLA N, and MAC address.
Then the V XLAN feature creates a dynamic Ethernet service instance for the us er and maps it to the
VSI. For more information about 802.1X authentication and MAC authentication, see Securit y
Configuration Guide.
A dynamic Ethernet service instance supports the following traffic match modes:
• VLAN-based mode—Matches frames by VLAN ID.
• MAC-based mode—Matches frames by VLAN ID and source MAC address.
By default, dynamic Ethernet service instances use VLAN-based traffic match mode. To use
MAC-based traffic match mode for dynamic Ethernet service instances, you must enable MA C
authentication or 802.1X authentication that uses MAC-based access control.
Configuring the VLAN-based traffic match mode
To use the VLAN-based traffic match mode, configure 802.1X authentication or MAC authentication
and perform one of the following tasks:
• Configure the guest VSI, Auth-Fail VSI, or critical VSI on the 802.1X- or MAC
authentication-enabled interface.
• Issue an authorization VSI to an 802.1X or MAC authentication user from a remote AAA server.
Then, the device will automatically create a dynamic Ethernet service instance for the 802.1X or
MAC authentication user and map the Ethernet service instance to a VSI.
For more information about configuring 802.1X authentication and MAC authentication, see Security
Configuration Guide.
Configuring the MAC-based traffic match mode
1. Enter system view.
system-view
2. Enter interface view.
 Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
 Enter Layer 2 aggregate interface view.

13
 interface bridge-aggregation interface-number
3. Enable MAC-based traffic match mode for dynamic Ethernet service instances on the interface.
mac-based ac
By default, VLAN-based traffic match mode is used for dynamic Ethernet service instances.
For more information about this command, see VXLAN Command Reference.
4. Enable MAC authentication or 802.1X authentication that uses MAC-based access control.
To use the MAC-based traffic match mode, configure MAC authentication or 802.1X
authentication that uses MAC-based access control and perform one of the following tasks:
 Configure the guest VSI, Auth-Fail VSI, or critical VSI on the 802.1X- or MAC
authentication-enabled interface.
 Issue an authorization VSI to an 802.1X or MAC authentication user from a remote AAA
server.
Then, the device will automatically create a dynamic Ethernet service instance for the 802.1X or
MAC authentication user and map the Ethernet service instance to a VSI.
For more information about configuring 802.1X authentication and MAC authentication, see
Security Configuration Guide.

Configuring a centralized EVPN gateway

Restrictions and guidelines for centralized EVPN gateway
configuration
If an EVP N net work contains a c entralized EVPN gateway, you must enable A RP or ND flood
suppression on V TEPs. Ty pically remote ARP or ND learning is disabled in an EVPN net work. When
ARP or ND requests for the gat eway MAC address are sent to the centralized EVPN gateway
through V XLA N tunnels, the gateway does not respond to the requests. If A RP or ND flood
suppression is disabled on VTEPs, VMs cannot obtain the MAC address of the gateway.

Prerequisites for centralized EVPN gateway configuration

You must set the VXLAN hardware resource mode to Layer 3 gateway.

Configuring a centralized gateway interface

1. Enter system view.
system-view
2. Create a VSI interface and enter VSI interface view.
interface vsi-interface vsi-interface-id
For more information about this command, see VXLAN Command Reference.
3. Assign an IP address to the VSI interface.
IPv4:
ip address ip-address { mask | mask-length } [ sub ]
IPv6:
See IPv6 basics in Layer 3—IP Services Configuration Guide.
By default, no IP address is assigned to a VSI interface.
4. Return to system view.

14
 quit
5. Enter VSI view.
vsi vsi-name
6. Specify the VSI interface as the gateway interface for the VSI.
gateway vsi-interface vsi-interface-id
By default, no gateway interface is specified for a VSI.
For more information about this command, see VXLAN Command Reference.

Setting the static flag for the MAC addresses of centralized

gateway interfaces
About this task
In a network with a centralized EVPN gateway deployed, a VTEP considers a MAC address move
occurs if an endpoint uses a MA C address identical to that of a centralized gateway interface. As a
result, the V TEP overwrites the MA C address entry created for the centralized gat eway interface
with that created for the endpoint, and errors will occur in traffic forwarding.
To resolve this issue, set the static flag for the MAC addresses of cent ralized gateway interfac es on
the centralized EVPN gat eway. When advertising those MA C addresses through MAC/ IP
advertisement routes, the centraliz ed EVPN gateway will set the static flag bit to 1 in the MA C
mobility extended community. If an endpoint accesses the net work with a MA C address identical to
that of a centralized gat eway interface, the endpoint's MAC address entry will not overwrite the entry
for the centralized gateway interface.
Procedure
1. Enter system view.
system-view
2. Set the static flag for the MAC addresses of centralized gateway interfaces.
evpn route gateway-mac unmovable
By default, the static flag is not set for the MAC addresses of centralized gateway interfaces.

Configuring a distributed EVPN gateway

Restrictions and guidelines for distributed EVPN gateway
configuration
When you configure VSI interfaces on a distributed EVPN gateway, follow these restrictions and
guidelines:
• Do not assign reserved MAC addresses to VSI interfaces. The following matrix shows the
reserved MAC address ranges.

Hardware Reserved MAC address range

SDC 5850 Bridge MAC address to bridge MAC address + 179

15
 • You must assign the same MAC address to the VSI interfaces with L3 VXLAN IDs associated.
• On distributed EVPN gateways, you must assign the same MAC address and IP address to the
VSI interfaces that act as the gateway for the same VXLAN.
• If a distributed EVPN gateway is connected to an IPv6 site, make sure the VSI interfaces with
L3 VXLAN IDs associated use the same link-local address.
As a best practice, do not use ARP flood suppression and local proxy ARP or ND flood suppression
and local ND proxy together on distributed EVPN gateways. If both A RP flood suppression and local
proxy ARP are enabled on a distributed EVPN gateway, only local proxy ARP takes effect. If both ND
flood suppression and local ND proxy are enabled on a distributed EVPN gateway, only local ND
proxy takes effect.
On a distributed EVPN gateway, make sure the VSI interfaces configured with L3 V XLA N IDs use
the same MA C address. To modify the MA C address of a VS I interface, use the mac-address
command.

Prerequisites for distributed EVPN gateway configuration

You must set the VXLAN hardware resource mode to Layer 3 gateway.
For a VXLAN to access the external network, specify the VXLAN's VSI interface on the border
gateway as the next hop on distributed EVPN gateways by using one of the following methods:
• Configure a static route.
• Configure a routing policy, and apply the policy by using the apply default-next-hop or
apply next-hop command. For more information about configuring routing policies, see
routing policy configuration or IPv6 routing policy configuration in Layer 3—IP Routing
Configuration Guide.

Configuring the traffic forwarding mode for EVPN VXLAN

Restrictions and guidelines
The asymmetric IRB mode is supported only on distributed EVPN gateways. The mode takes effect
only on Layer 3 traffic forwarded in the same V XLA N. In addition, the same VS I interface on different
distributed EVPN gateways must have different IP addresses.
Procedure
1. Enter system view.
system-view
2. Configure the traffic forwarding mode for EVPN VXLAN. Choose one of the following options:
 Enable asymmetric IRB mode.
evpn irb asymmetric [ route-policy route-policy-name ]
 Enable symmetric IRB mode.
undo evpn irb asymmetric
By default, a distributed EVPN gateway forwards EVPN VXLAN traffic in symmetric IRB
mode.

Configuring a VSI interface

About this task
To save Layer 3 interface resources on a distribut ed EVPN gateway, multiple VSIs can share one
VSI interface. You can assign multiple IP addresses to the VSI interface for the VSIs to use as
gateway addresses.

16
 When VSIs share a VSI interface, you must specify the subnet of each VSI for the VSI interface to
identify the VSI of a packet. The subnets must be unique.
Procedure
1. Enter system view.
system-view
2. Create a VSI interface and enter VSI interface view.
interface vsi-interface vsi-interface-id
For more information about this command, see VXLAN Command Reference.
3. Assign an IP address to the VSI interface.
IPv4:
ip address ip-address { mask | mask-length } [ sub ]
IPv6:
See IPv6 basics in Layer 3—IP Services Configuration Guide.
By default, no IP address is assigned to a VSI interface.
4. Assign a MAC address to the VSI interface.
mac-address mac-address
By default, the MAC address of VSI interfaces is the default MAC address of Layer 3 Ethernet
interfaces.
To ensure correct forwarding after VM migration, you must assign the same MAC address to
the VSI interfaces of a VXLAN on all distributed gateways.
5. Specify the VSI interface as a distributed gateway.
distributed-gateway local
By default, a VSI interface is not a distributed gateway.
For more information about this command, see VXLAN Command Reference.
6. (Optional.) Enable local proxy ARP or local ND proxy.
IPv4:
local-proxy-arp enable [ ip-range startIP to endIP ]
By default, local proxy ARP is disabled.
For more information about the command, see proxy ARP commands in Layer 3—IP Services
Command Reference.
IPv6:
local-proxy-nd enable
By default, local ND proxy is disabled.
For more information about the commands, see IPv6 basic commands Layer 3—IP Services
Command Reference.
7. Return to system view.
quit
8. Enter VSI view.
vsi vsi-name
9. Specify the VSI interface as the gateway interface for the VSI.
gateway vsi-interface vsi-interface-id
By default, no gateway interface is specified for a VSI.
For more information about this command, see VXLAN Command Reference.
10. Assign a subnet to the VSI.

17
 gateway subnet { ipv4-address wildcard-mask | ipv6-address
prefix-length }
By default, no subnet exists on a VSI.
For more information about this command, see VXLAN Command Reference.

Configuring an L3 VXLAN ID for a VSI interface

Restrictions and guidelines for L3 VXLAN ID configuration
The L3 VXLAN ID of a VSI interface cannot be the same as the VXLAN ID specified by using the
mapping vni command. For more information about this command, see "Configuring EVPN-DCI."
Configuring an L3 VXLAN ID for the VSI interface of a VPN instance
1. Enter system view.
system-view
2. Configure a VPN instance:
a. Create a VPN instance and enter VPN instance view.
ip vpn-instance vpn-instance-name
b. Configure an RD for the VPN instance.
route-distinguisher route-distinguisher
By default, no RD is configured for a VPN instance.
c. Configure route targets for the VPN instance.
vpn-target { vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, a VPN instance does not have route targets.
d. (Optional.) Apply an export routing policy to the VPN instance.
export route-policy route-policy
By default, no export routing policy is applied to a VPN instance.
The specified export routing policy is used to filter the BGP EVPN routes advertised for the
VPN instance.
e. (Optional.) Apply an import routing policy to the VPN instance.
import route-policy route-policy
By default, no import routing policy is applied to a VPN instance. The VPN instance accepts
a route when the export route targets of the route match local import route targets.
The specified import routing policy is used to filter the BGP EVPN routes redistributed to the
VPN instance.
3. Configure EVPN on the VPN instance:
a. Enter VPN instance EVPN view.
address-family evpn
b. Configure route targets for EVPN on the VPN instance.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, EVPN does not have route targets on a VPN instance.
Make sure the following requirements are met:
− The import targets of EVPN do not match the export targets of the VPN instance.
− The export targets of EVPN do not match the import targets of the VPN instance.
c. (Optional.) Apply an export routing policy to EVPN on the VPN instance.

18
 export route-policy route-policy
By default, no export routing policy is applied to EVPN on a VPN instance.
d. (Optional.) Apply an import routing policy to EVPN on the VPN instance.
import route-policy route-policy
By default, no import routing policy is applied to EVP N on a VPN instance. The VP N
instance accepts a route when the route targets of the route match local import route
targets.
4. Execute the following commands in sequence to return to system view.
a. quit
b. quit
5. Create a VSI interface and enter VSI interface view.
interface vsi-interface vsi-interface-id
6. Associate the VSI interface with the VPN instance.
ip binding vpn-instance vpn-instance-name
By default, a VSI interface is not associated with a VPN instance. The interface is on the public
network.
7. Configure an L3 VXLAN ID for the VSI interface.
l3-vni vxlan-id
By default, no L3 VXLAN ID is configured for a VSI interface.
A VPN instance can have only one L3 VXLAN ID. If multiple L3 VXLAN IDs are configured for a
VPN instance, the VPN instance uses the lowest one. To view the L3 VXLAN ID of a VPN
instance, use the display evpn routing-table command.

Configuring an L3 VXLAN ID for the VSI interface of the public instance

1. Enter system view.
system-view
2. Create the public instance and enter its view.
ip public-instance
For more information about this command, see MPLS L3VPN commands in MPLS Command
Reference.
3. Configure an RD for the public instance.
route-distinguisher route-distinguisher
By default, no RD is configured for the public instance.
4. Configure an L3 VXLAN ID for the public instance.
l3-vni vxlan-id
By default, the public instance does not have an L3 VXLAN ID.
The public instance can have only one L3 VXLAN ID. To modify the L3 VXLAN ID for the public
instance, you must first delete the original L3 VXLAN ID.
5. (Optional.) Configure route targets for the public instance.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, the public instance does not have route targets.
6. Enter IPv4 address family view, IPv6 address family view, or EVPN view.
 Enter IPv4 address family view.
address-family ipv4

19
 For more information about this command, see MPLS L3VPN commands in MPLS
Command Reference.
 Enter IPv6 address family view.
address-family ipv6
For more information about this command, see MPLS L3VPN commands in MPLS
Command Reference.
 Enter EVPN view.
address-family evpn
7. Configure route targets for the IPv4 address family, IPv6 address family, or EVPN.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, the IPv4 address family, IPv6 address family, and EVPN do not have route targets
on the public instance.
Make sure the following requirements are met:
 The import targets of an EVPN instance do not match the export targets of the public
instance.
 The export targets of an EVPN instance do not match the import targets of the public
instance.
8. Execute the following commands in sequence to return to system view.
a. quit
b. quit
9. Enter VSI interface view.
interface vsi-interface vsi-interface-id
10. Configure an L3 VXLAN ID for the VSI interface.
l3-vni vxlan-id
By default, no L3 VXLAN ID is configured for a VSI interface.
Of the VSI interfaces associated with the public instance, a minimum of one VSI interface must
use the same L3 VXLAN ID as the public instance.

Configuring IP prefix route advertisement

About this task
If IGP rout es are imported to the BGP-VPN IP v4 or IP v6 unicast address family and the
corresponding VPN instanc e has an L3 V XLA N ID, the device advertises the import ed routes as IP
prefix advertisement routes.
If IGP routes are imported to the BGP IPv4 or IP v6 unicast address family and the public instance
has an L3 VXLAN ID, the device advertises the imported routes as IP prefix advertisement routes.
A VTEP compares the export rout e targets of received IP prefix advertisement routes with the import
route targets configured for the IP v4 address family or IP v6 address family on a VP N instance or the
public instanc e. If the rout e targets match, the V TEP accepts the routes and adds the routes to the
routing table of the VPN instance or public instance.
Restrictions and guidelines
This feature is supported only by distributed EVPN gateway deployment.
For more information about the BGP commands in this task, see Layer 3—IP Routing Command
Reference.

20
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP address family view.
 Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
 Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address
family view.
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
 Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
 Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address
family view.
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
4. Enable BGP to redistribute routes from an IGP protocol.
import-route protocol [ { process-id | all-processes } [ allow-direct |
med med-value | route-policy route-policy-name ] * ]
By default, BGP does not redistribute IGP routes.
5. (Optional.) Enable default route redistribution into the BGP routing table.
default-route imported
By default, default route redistribution into the BGP routing table is disabled.
6. (Optional.) Configure ECMP VPN route redistribution:
a. Return to BGP instance view.
quit
b. Enter BGP EVPN address family view.
address-family l2vpn evpn
c. Enable ECMP VPN route redistribution.
vpn-route cross multipath
By default, ECMP VPN route redistribution is disabled. If multiple routes have the same
prefix and RD, BGP only imports the optimal route into the EVPN routing table.
ECMP VPN route redistribution enables BGP to import all routes that have the same prefix
and RD into the EVPN routing table.

Configuring BGP route exchange between the public

instance and VPN instances
About this task
By default, the BGP routes of one VPN instance are isolated from those of anot her VP N instance. If
inter-VP N route exchange is required and the routes of a VPN instance must be hidden, configure
other VPN instances to advertise routes of that VPN instance.

21
 Figure 17 BGP route exchange between the public instance and VPN instances

L3 netw ork

PE 3

EVPN-IBGP
VPN site VPN site

PE 1 PE 2

As shown in Figure 17, PE 1 and PE 2 set up public IBGP sessions with PE 3, and the public
instance and VPN instances exchange routes to enable communication bet ween the public network
and the VPN sites. PE 1 and PE 2 set up BGP EVPN IBGP peer relationships with each other to
exchange VPN instance routes. When all links operat e correctly, PE 2 receives the public routes
advertised by PE 3 and redistributes the routes to th e local VP N site. When the link bet ween PE 2
and PE 3 fails, perform t he following tasks for PE 1 t o reoriginat e the public routes in a specified VP N
instance and advertise them to PE 2:
1. Configure route targets for the public instance on PE 1. Make sure the route targets match
those of the VPN instance to redistribute public routes.
2. Execute the route-replicate enable command on PE 1 to redistribute the BGP routes of
the public instance to the target VPN instance.
3. Execute the advertise route-reoriginate command on PE 1 to enable reoriginating
the BGP routes of other VPN instances in the target VPN instance. This command enables
reoriginating BGP routes based on only the BGP routes that match the route targets of the
target VPN instance. The VPN instance does not reoriginate BGP routes based on the
redistributed local routes, such as the IGP routes redistributed by using the import-route
command.
4. Execute the peer advertise vpn-reoriginate ibgp command on PE 1 to advertised
reoriginated routes to IBGP peer PE 2.
Restrictions and guidelines
You must use the peer advertise vpn-reoriginate ibgp command in combination with the
advertise route-reoriginate command. If you execute only the peer advertise
vpn-reoriginate ibgp command, it does not take effect.
In B GP-VPN IP v4 unicast address family view, the advertise route-reoriginate c ommand
enables reoriginating IP v4 unicast routes. In BGP-VP N IP v6 unicast address family view, the
advertise route-reoriginate command enables reoriginating IPv6 unicast routes.
For more information about the advertise route-reoriginate and route-replicate
enable commands, see MPLS L3VPN commands in MPLS Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.

22
 bgp as-number [ instance instance-name ]
3. (Optional.) Enable BGP route replication between public and VPN instances.
route-replicate enable
By default, BGP route replication between public and VPN instances is disabled
4. Enter BGP address family view.
 Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address
family view.
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
 Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address
family view.
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
5. Enable reoriginating BGP routes for a VPN instance based on the BGP routes received from
other VPN instances.
advertise route-reoriginate [ route-policy route-policy-name ]
[ replace-rt ]
By default, a VP N instance does not reoriginate BGP unicast routes for the BGP routes of ot her
VPN instances.
This command enables reoriginating BGP routes based on only the BGP routes that match the
route t argets of the current VPN instance. The VPN instance does not reoriginat e BGP routes
based on the redistributed local routes.
6. (Optional.) Enable advertising the IP prefix advertisement routes reoriginated for a VPN
instance to an IBGP peer or peer group.
a. Return to BGP instance view.
quit
quit
b. Enter BGP EVPN address family view.
address-family l2vpn evpn
c. Enable advertising the IP prefix advertisement routes reoriginated for a VPN instance to an
IBGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } advertise
vpn-reoriginate ibgp
By default, the device does not advertise the IP prefix advertisement routes reoriginated for
a VPN instance to IBGP peers or peer groups.

Configuring the EVPN global MAC address

About this task
The EVP N global MAC address is used only by VSI interfaces associated with an L3 V XLA N ID. For
such a VSI interface, the MAC address assigned to it by using the mac-address command takes
precedence over the EVPN global MAC address.
A distributed EVPN gateway selects the lowest-numbered VSI interfac e that is associated wit h an L3
V XLA N ID as its router MAC address. In an M-LAG system, distributed EVP N gateways that act as
M-LAG member devices might use different rout er MA C addresses, which caus es forwarding errors.
To resolve this problem, you can configure the same EVPN global MAC address on the gateways.

23
Restrictions and guidelines
Configure the same EVPN global MA C address on the M-LAG member devices of an M-LAG system.
Make sure the EVPN global MAC address of an M-LAG system is unique in the local data c enter and
the remote data centers connected to the local data center through DCI tunnels.
As a best practice, use one of the following methods to configure the EVPN global MAC address on
an M-LAG system:
• Use the default MAC address of a Layer 3 Ethernet interface on an M-LAG member device as
the EVPN global MAC address. As a best practice, use this method.
• Use an available unicast MAC address in the range of 0001-0001-0001 to 0001-0001-FFFE as
the EVPN global MAC address.
For a VSI interface associated with an L3 VXLAN ID, the MAC address assigned to it by using the
mac-address command takes precedence over the EVPN global MAC address.
Procedure
1. Enter system view.
system-view
2. Configure the EVPN global MAC address.
evpn global-mac mac-address
By default, no EVPN global MAC address is configured.

Disabling generation of IP prefix advertisement routes for the

subnets of a VSI interface
About this task
A distributed V XLAN IP gateway by default generates IP prefix advertisement routes for the subnets
of VSI interfaces and advertises these routes to remote VTEPs. The remote V TEPs advertise thes e
routes to their local sites. To disable advertisement of these routes to remote sites, you can disable
generation of IP prefix advertisement routes for the subnets of VSI interfaces.
Restrictions and guidelines
This feature takes effect only on a VSI interface t hat provides distributed V XLA N IP gateway service
(configured by using the distributed-gateway local command). It does not take effect on
VSI interfaces that provide centralized V XLA N IP gateway service. The device only generates
MAC/IP advertisement routes for VSI interfaces that provide centralized VXLAN IP gateway service.

Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id
3. Disable generation of IP prefix advertisement routes for the subnets of the VSI interface.
ip-prefix-route generate disable
By default, the device generates IP prefix advertisement routes for the subnets of a VSI
interface that provides distributed VXLAN IP gateway service.

24
Enabling a distributed EVPN gateway to send RA messages
over VXLAN tunnels
About this task
By default, a distributed EVPN gat eway drops the RS messages received from V XLA N tunnels and
periodically advertises RA messages only to the local site. As a result, a distribut ed EVPN gateway
does not send RA messages over V XLAN tunnels, and remote gateways cannot update information
about the gateway based on RA messages. To resolve the issue, perform this task to enable
distributed EVPN gateways to reply to remot e RS messages with RA messages and periodically
advertise RA messages over VXLAN tunnels.
Restrictions and guidelines
You can configure RA message tunneling for VSI interfaces globally or on a per-VS I interface basis.
The global configuration takes effect on all VSI interfaces. The interface-specific configuration takes
precedence over the global configuration on a VSI interface.

Globally enabling VSI interfaces to send RA messages over VXLAN tunnels

1. Enter system view.
system-view
2. Globally enable VSI interfaces to send RA messages over VXLAN tunnels.
ipv6 nd ra tunnel-broadcast global enable
By default, VSI interfaces do not send RA messages over VXLAN tunnels.
Enabling a VSI interface to send RA messages over VXLAN tunnels
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id
3. Enable the VSI interface to send RA messages over VXLAN tunnels.
ipv6 nd ra tunnel-broadcast enable
By default, a VSI interface uses the global RA message tunneling configuration.

Enabling traffic statistics for the VSIs automatically created

for L3 VXLAN IDs
About this task
If you configure an L3 V XLAN ID on a distributed EVPN gateway, the gat eway aut omatically creates
a VSI for the L3 VXLAN ID. You cannot enter the view of such a VSI to configure settings on it.
This task enables the devic e to collect incoming and outgoing traffic statistics for the automatically
created VS Is. You can us e the display l2vpn vsi verbose command to view the traffic
statistics and use the reset l2vpn statistics vsi command to clear the traffic statistics.
Procedure
1. Enter system view.
system-view
2. Enable traffic statistics for the VSIs that are automatically created for L3 VXLAN IDs.
l2vpn statistics vsi l3-vni

25
 By default, the traffic statistics feature is disabled for the VSIs that are automatically created for
L3 VXLAN IDs.

Enabling the device to advertise ARP information for the

distributed EVPN gateway interfaces through MAC/IP
advertisement routes
About this task
If a distributed EVPN gateway has downstream VTEPs attached, the gateway advertises ARP
information for gateway interfaces through IP prefix advertisement rout es. Because the VTEPs do
not have gateway configuration, they cannot learn t he A RP information for the gateway interfaces or
forward traffic to the gateway. For the VTEPs to learn ARP information for the gateway interfaces,
enable the distributed EVPN gateway to advertise ARP information for the gat eway interfac es
through MAC/IP advertisement routes.
Procedure
1. Enter system view.
system-view
2. Enable the device to advertise ARP information for the distributed EVPN gateway interfaces
through MAC/IP advertisement routes.
evpn mac-ip advertise distributed-gateway
By default, the device does not advertise ARP information for the distributed EVPN gateway
interfaces through MAC/IP advertisement routes.

Managing remote MAC address entries and

remote ARP or ND learning
Disabling remote MAC address learning and remote ARP or
ND learning
About this task
By default, the device learns MAC information, ARP information, and ND information of remote user
terminals from packets received on V XLA N tunnel interfaces. The automatically learned remot e
MAC, ARP, and ND information might conflict with the remote MA C, ARP, and ND information
advertised through BGP. As a best practice to avoid the conflicts, disable remot e MAC address
learning and remote ARP or ND learning on the device.
For more information about the VXLAN commands in this task, see VXLAN Command Reference.
Procedure
1. Enter system view.
system-view
2. Disable remote MAC address learning.
vxlan tunnel mac-learning disable
By default, remote MAC address learning is enabled.
3. Disable remote ARP learning.
vxlan tunnel arp-learning disable

26
 By default, remote ARP learning is enabled.
4. Disable remote ND learning.
vxlan tunnel nd-learning disable
By default, remote ND learning is enabled.

Disabling MAC address advertisement

About this task
The MAC information and A RP or ND information advertised by the VTEP overlap. To avoid
duplication, disable MA C address advertisement and wit hdraw the MA C addresses advertised t o
remote VTEPs.
Procedure (EVPN instance view)
1. Enter system view.
system-view
2. Enter EVPN instance view.
evpn instance instance-name
3. Disable MAC address advertisement and withdraw advertised MAC addresses.
mac-advertising disable
By default, MAC address advertisement is enabled.
Procedure (VSI EVPN instance view)
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Disable MAC address advertisement and withdraw advertised MAC addresses.
mac-advertising disable
By default, MAC address advertisement is enabled.

Enabling MAC mobility event suppression

About this task
On an EVPN V XLA N net work, misconfiguration of MA C addresses might cause two sites to contain
the same MAC address. In this condition, V TEPs at the two sites constantly synchronize and update
EVPN MAC entries and determine that MAC mobility events occur. As a result, an inter-site loop
might occur, and t he bandwidth is occupied by MA C entry synchronization traffic. To eliminate loops
and suppress those MAC mobility events, enable MAC mobility event suppression on the V TEPs.
This feature allows a MAC address to move a s pecified number of times (the MAC mobility
suppression threshold) from a site within a MA C mobility detection cycle. If a MA C address moves
more than the MA C mobility suppression threshold, the VTEP at the site will suppress the last MAC
move to the local site and will not advertise information about the MAC address.
Restrictions and guidelines
After you execute the undo evpn route mac-mobility suppression command or the
suppression time expires, a VTEP acts as follows:

27
 • Advertises MAC address entries immediately for the suppressed MAC address entries that
have not aged out.
• Relearns the MAC addresses for the suppressed MAC address entries that have aged out and
advertises the MAC address entries.
If both MAC address entry conflicts and ARP entry conflicts exist for a MAC address, you must
enable both MA C mobility event suppression and A RP mobility event suppression. If you enable only
MAC mobility event suppression, the system cannot suppress MAC mobility events for the MAC
address.
Procedure
1. Enter system view.
system-view
2. Enable MAC mobility event suppression.
evpn route mac-mobility suppression [ detect-cycle detect-time |
detect-threshold move-times | suppression-time [ suppression-time |
permanent ] ] *
By default, MAC mobility event suppression is disabled.

Disabling learning of MAC addresses from ARP or ND

information
About this task
The MAC information and ARP or ND information advertised by a remote VTEP overlap. To avoid
duplication, disable the learning of MA C addresses from A RP or ND information. EVPN will learn
remote MAC addresses only from the MAC information advertised from remote sites.
Procedure (EVPN instance view)
1. Enter system view.
system-view
2. Enter EVPN instance view.
evpn instance instance-name
3. Disable the EVPN instance from learning MAC addresses from ARP information.
arp mac-learning disable
By default, an EVPN instance learns MAC addresses from ARP information.
4. Disable the EVPN instance from learning MAC addresses from ND information.
nd mac-learning disable
By default, an EVPN instance learns MAC addresses from ND information.
Procedure (VSI EVPN instance view)
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Disable the EVPN instance from learning MAC addresses from ARP information.
arp mac-learning disable

28
 By default, an EVPN instance learns MAC addresses from ARP information.
5. Disable the EVPN instance from learning MAC addresses from ND information.
nd mac-learning disable
By default, an EVPN instance learns MAC addresses from ND information.

Disabling ARP information advertisement

About this task
In an EVP N network wit h distributed gat eways, you can disable ARP information advertisement for a
V XLA N to save resources if all its user terminals use the same EVPN gateway device. The EVPN
instance of the V XLA N will stop advertising A RP information through MA C/IP advertisement routes
and wit hdraw advertised ARP information. When ARP information advertisement is disabled, user
terminals in other V XLANs still can communicate with that V XLAN through IP prefix advertisement
routes.
Procedure (EVPN instance view)
1. Enter system view.
system-view
2. Enter EVPN instance view.
evpn instance instance-name
3. Disable ARP information advertisement for the EVPN instance.
arp-advertising disable
By default, ARP information advertisement is enabled for an EVPN instance.
Procedure (VSI EVPN instance view)
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Disable ARP information advertisement for the EVPN instance.
arp-advertising disable
By default, ARP information advertisement is enabled for an EVPN instance.

Enabling ND information advertisement

About this task
In an EVPN net work with distributed gateways, you can disable ND information advertisement for a
V XLA N to save resources if all its user terminals use the same EVPN gateway device. The EVPN
instance of the V XLAN will stop advertising ND information through MAC/IP advertisement routes
and withdraw advertised ND information. When ND information advert isement is disabled, user
terminals in other V XLANs still can communicate with that VXLAN through IP prefix advertisement
routes.
Procedure (EVPN instance view)
1. Enter system view.
system-view
2. Enter EVPN instance view.

29
 evpn instance instance-name
3. Enable ND information advertisement for the EVPN instance.
nd-advertising enable
By default, ND information advertisement is enabled for an EVPN instance.
Procedure (VSI EVPN instance view)
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Enable ND information advertisement for the EVPN instance.
nd-advertising disable
By default, ND information advertisement is enabled for an EVPN instance.

Disabling the VSI interface on a centralized EVPN gateway

from learning ARP or ND information across subnets
About this task
On an EVP N V XLA N network deployed with a centralized EVPN gateway, VM 1 and VM 2 belong t o
the same V XLA N in subnet 10.1.1. 0/24. The gat eway interface is VSI-interface 1 and the gateway is
connected to external Layer 3 network 10.1.2.0/24. The V TEP to whic h VM 2 is attached is
configured with A RP or ND flood suppression. The IP address of VM 2 is mistakenly configured as
an IP address in subnet 10.1.2.0/ 24 (for example, 10.1.2.2). In t his situation, the VTEP connected t o
VM 2 advertises MAC/IP advertisement rout es that contain ARP or ND information t o the gateway.
The IP address and MAC address in the routes are the IP address and MAC address of VM 2,
respectively. The gateway learns the ARP or ND information and issues the information to the
forwarding table. When VM 1 visits 10.1.2.2 in the external network, the gateway will forward the
traffic to VM 2. As a result, VM 1 cannot visit 10.1.2.2.
To res olve the above issue, perform this task on the VSI interface to disable the VS I interface from
learning ARP or ND information across subnets from MAC/IP advertisement routes.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view on a centralized EVPN gateway.
interface vsi-interface vsi-interface-id
For more information about this command, see VXLAN Command Reference.
3. Disable the VSI interface from learning ARP or ND information that does not belong to its
subnet from MAC/IP advertisement routes.
evpn span-segment { arp-learning | nd-learning } disable
By default, the VSI interface on a centralized EVPN gateway learns ARP or ND information that
does not belong to its subnet from MAC/IP advertisement routes.

30
Enabling ARP mobility event suppression
About this task
On an EVPN V XLAN network, misconfiguration of IP addresses might cause two sites to contain the
same IP address. In this condition, V TEPs at the two sites constantly synchronize and update EVPN
ARP entries and determine that ARP mobility events occur. As a result, an inter-site loop might occur,
and the bandwidth is occupied by ARP entry synchronization traffic. To eliminate loops and suppress
those ARP mobility events, enable A RP mobility event suppression on the V TEPs. This feature
allows an IP address to move a specified number of times (the A RP mobility suppression threshold)
from a site within an A RP mobility detection cycle. If an IP address moves more than the ARP
mobility suppression threshold, the VTEP at the site will suppress the last ARP move to the local site
and will not advertise ARP information for the IP address.
Restrictions and guidelines
ARP mobility event suppression takes effect only on an EVPN V XLAN network configured with
distributed VXLAN IP gateways.
After you execute t he undo evpn route arp-mobility suppression command or the
suppression time expires, a VTEP acts as follows:
• Advertises ARP information immediately for the suppressed ARP ent ries that have not aged
out.
• Relearns ARP information for the suppressed ARP entries that have aged out and advertises
the ARP information.
If both MAC address entry conflicts and ARP entry conflicts exist for a MAC address, you must
enable both MA C mobility event suppression and A RP mobility event suppression. If you enable only
MAC mobility event suppression, the system cannot suppress MAC mobility events for the MAC
address.
Procedure
1. Enter system view.
system-view
2. Enable ARP mobility event suppression.
evpn route arp-mobility suppression [ detect-cycle detect-time |
detect-threshold move-times | suppression-time [ suppression-time |
permanent ] ] *
By default, ARP mobility event suppression is disabled.

Enabling ND mobility event suppression

About this task
On an EVP N V XLA N network, misconfiguration of IP addresses might cause two sites to contain the
same IP address. In this condition, V TEPs at t he t wo sites constantly synchronize and update EVP N
ND entries and determine that ND mobility events occur. As a result, an inter-site loop might occur,
and the bandwidth is occupied by ND ent ry synchronization traffic. To eliminat e loops and suppress
those ND mobility events, enable ND mobility event suppression on the VTEPs. This feature allows
an IP address to move a s pecified number of times (the ND mobility suppression threshold) from a
site within an ND mobility detection cycle. If an IP address moves more than the ND mobility
suppression threshold, the VTEP at the site will suppress the last ND move to the local site and will
not advertise ND information for the IP address.

Restrictions and guidelines

After you execute the undo evpn route nd-mobility suppression command or the
suppression time expires, a VTEP acts as follows:

31
 • Advertises ND information immediately for the suppressed ND entries that have not aged out.
• Relearns ND information for the suppressed ND entries that have aged out and advertises the
ND information.
ND mobility event suppression takes effect only on the following EVPN VXLAN networks:
• EVPN VXLAN network enabled with ND flood suppression.
• EVPN VXLAN network configured with distributed VXLAN IP gateways.
If both MA C address ent ry conflicts and ND entry conflicts exist for a MA C address, you must enable
both MAC mobility event suppression and ND mobility event suppression. If you enable only MAC
mobility event suppression, the system cannot suppress MAC mobility events for the MAC address.
Procedure
1. Enter system view.
system-view
2. Enable ND mobility event suppression.
evpn route nd-mobility suppression [ detect-cycle detect-time |
detect-threshold move-times | suppression-time [ suppression-time |
permanent ] ] *
By default, ND mobility event suppression is disabled.

Enabling ARP request proxy

About this task
ARP request proxy allows a VSI interface to send an ARP request sourced from itself when the
VTEP forwards an ARP request. This feature helps resolve certain communication issues.
In an EVPN V XLA N network, VM 1 and VM 2 are attached t o V TEP 1 and V TEP 2, respectively, and
the VMs are in the same s ubnet. The gateway int erfaces of VM 1 and VM 2 are VSI -interface 1 on
VTEP 1 and VSI-interface 2 on VTEP 2, respectively. The following conditions exist on the VTEPs:
• The VTEPs have established BGP EVPN neighbor relationships.
• EVPN is disabled from learning MAC addresses from ARP information.
• MAC address advertisement is disabled, and advertised MAC addresses are withdrawn.
• Remote-MAC address learning is disabled.
• Local proxy ARP is enabled on the VSI interfaces.
• The VSI interfaces use different IP addresses and MAC addresses.
In this network, when VM 1 attempts to communicate with VM 2, the following procedure occurs:
1. VM 1 sends an ARP request.
2. VTEP 1 learns the MAC address of VM 1 from the ARP request, replies to VM 1 on behalf of VM
2, and sends an ARP request to obtain the MAC address of VM 2.
3. VTEP 2 forwards the ARP request, and VM 2 replies to VTEP 1.
4. VTEP 2 forwards the ARP reply sent by VM 2 without learning the MAC address of VM 2
because EVPN is disabled from learning MAC addresses from ARP information.
5. VTEP 1 does not learn the MAC address of VM 2 because remote-MAC address learning is
disabled.
As a result, VM 1 fails to communicate with VM 2.
For VM 1 to communicate with VM 2, enable A RP request proxy on VSI-interface 2 of V TEP 2. When
receiving the ARP request sent by VTEP 1, VTEP 2 forwards it and sends an A RP request sourced
from VSI-interface 2 simultaneously, and VM 2 replies to bot h ARP requests. Then, V TEP 2 learns
the MAC address of VM 2 from the ARP reply destined from VSI-interface 2 and advertises the MAC

32
 address to VTEP 1 through BGP EVPN routes. In this way, VTEP 1 obtains the MAC address of VM
2, and VM 1 and VM 2 can communicate.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id
3. Enable ARP request proxy.
arp proxy-send enable
By default, ARP request proxy is disabled on VSI interfaces.

Enabling ND request proxy

About this task
ND request proxy allows a VSI interface to send an ND request sourced from itself when the VTEP
forwards an ND request. This feature helps resolve certain communication issues.
In an EVPN V XLA N network, VM 1 and VM 2 are attached to V TEP 1 and V TEP 2, respectively, and
the VMs are in the same subnet. The gateway interfaces of VM 1 and VM 2 are VS I-int erface 1 on
VTEP 1 and VSI-interface 2 on VTEP 2, respectively. The following conditions exist on the VTEPs:
• The VTEPs have established BGP EVPN neighbor relationships.
• EVPN is disabled from learning MAC addresses from ND information.
• MAC address advertisement is disabled, and advertised MAC addresses are withdrawn.
• Remote-MAC address learning is disabled.
• Local proxy ND is enabled on the VSI interfaces.
• The VSI interfaces use different IP addresses and MAC addresses.
In this network, when VM 1 attempts to communicate with VM 2, the following process occurs:
1. VM 1 sends an NS packet.
2. VTEP 1 learns the MAC address of VM 1 from the NS packet, replies to VM 1 on behalf of VM 2,
and sends an NS packet to obtain the MAC address of VM 2.
3. VTEP 2 forwards the NS packet, and VM 2 replies to VTEP 1.
4. VTEP 2 forwards the NA packet sent by VM 2 without learning the MAC address of VM 2
because EVPN is disabled from learning MAC addresses from ND information.
5. VTEP 1 does not learn the MAC address of VM 2 because remote-MAC address learning is
disabled.
As a result, VM 1 fails to communicate with VM 2.
For VM 1 to communicat e with VM 2, enable NS packet proxy on VSI-interface 2 of V TEP 2. When
receiving the NS packet sent by VTEP 1, VTEP 2 forwards it and sends an NS packet sourced from
VSI-interface 2 simultaneously, and VM 2 replies to both NS packets. Then, V TEP 2 learns the MA C
address of VM 2 from the NA packet sent to VSI-interfac e 2 and advertises the MAC address to
VTEP 1 through BGP EVPN routes. In this way, VTEP 1 obtains the MAC address of VM 2, and VM
1 and VM 2 can communicate.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id

33
 3. Enable ND request proxy.
ipv6 nd proxy-send enable
By default, ND request proxy is disabled on VSI interfaces.

Enabling conversational learning for forwarding

entries
About conversational learning for forwarding entries
Perform the tasks in this section to issue forwarding entries to the hardware only when the entries
are required for packet forwarding. The on-demand mechanism saves the device hardware
resources.
The forwarding entries in this section include remote MAC address entries, host route FIB entries,
and remote ARP entries.

Restrictions and guidelines for enabling conversational

learning for forwarding entries
Perform the tasks in this section only on an EVPN network.

Enabling conversational learning for remote MAC address

entries
About this task
By default, the device issues a remot e MAC address entry to the hardware after the remote MAC
address is advertised to the local site by BGP EVP N routes. This feature enables the device to issue
a remote MAC address entry to the hardware only when the entry is required for packet forwarding.
This feature saves hardware resources on the device.
With this feature enabled, the devic e generates a blackhole MAC address entry for an unknown
MAC address if receiving 50 frames destined for that MAC address within the MAC aging time.
Those blackhole MAC address entries age out when the MA C aging timer expires. After a blackhole
MAC address entry ages out, the device can forward the t raffic destined for the MAC address. For
more information about the MAC aging time and blackhole MA C address entries, see MAC address
table configuration in Layer 2—LAN Switching Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enable conversational learning for remote MAC address entries.
mac-address forwarding-conversational-learning
By default, conversational learning is disabled for remote MAC address entries.

34
Enabling conversational learning for host route FIB entries
About this task
By default, the device issues a host route FIB entry to the hardware after the entry is generated. This
feature enables the device to issue a host route FIB entry to the hardware only when the entry is
required for packet forwarding. This feature saves hardware resources on the device.
Restrictions and guidelines
Set an appropriate aging timer for host route FIB entries according to your network. A much longer or
shorter aging timer will degrade the device performance.
• If the aging timer is too long, the device will save many outdated host route FIB entries and fail
to accommodate the most recent network changes. These entries cannot be used for correct
packet forwarding and exhaust FIB resources.
• If the aging timer is too short, the device will delete the valid host route FIB entries that can still
be effective for packet forwarding. As a result, FIB entry flapping will occur, and the device
performance will be affected.
With conversational learning enabled for host route FIB entries, the device periodically sends A RP
requests to learn the host route for an IP address if the following conditions exist:
• Incoming packets are destined for the IP address, and the IP address matches a direct route.
• The device does not have a host route for the IP address.
Before the probe node ages out, if the device has not learned a host rout e after receiving 50 packets
destined for that IP address, the device adds a blackhole route for the IP address. The devic e retains
the blackhole route until the probe node ages out or it learns a host route for the IP address.
Procedure
1. Enter system view.
system-view
2. Enable conversational learning for host route FIB entries.
ip forwarding-conversational-learning [ aging aging-time ]
By default, conversational learning is disabled for host route FIB entries.

Enabling conversational learning for IPv6 host route FIB

entries
About this task
By default, the device issues an IP v6 host rout e FIB ent ry to the hardware after the entry is
generated. This feat ure enables the device to issue an IP v6 host rout e FIB entry to the hardware only
when the entry is required for packet forwarding. This feature saves hardware resources on the
device.
Restrictions and guidelines
Set an appropriate aging timer for IPv6 host route FIB entries according to your network. A much
longer or shorter aging timer will degrade the device performance.
• If the aging timer is too long, the device will save many outdated IPv6 host route FIB entries and
fail to accommodate the most recent network changes. These entries cannot be used for
correct packet forwarding and exhaust FIB resources.
• If the aging timer is too short, the device will delete the valid IP v6 host route FIB entries that can
still be effective for packet forwarding. As a result, FIB entry flapping will occur, and the device
performance will be affected.

35
Procedure
1. Enter system view.
system-view
2. Enable conversational learning for IPv6 host route FIB entries.
ipv6 forwarding-conversational-learning [ aging aging-time ]
By default, conversational learning is disabled for IPv6 host route FIB entries.

Configuring BGP EVPN route redistribution and

advertisement
Redistributing MAC/IP advertisement routes into BGP
unicast routing tables
About this task
This task enables the device to redistribute received MAC/IP advertisement routes that contain ARP
or ND information into a BGP unicast routing table.
• If you perform this task for the BGP IPv4 or IPv6 unicast address family, the device will
redistribute the routes into the BGP IPv4 or IPv6 unicast routing table. In addition, the device
will advertise the routes to the local site.
• If you perform this task for the BGP-VPN IPv4 or IPv6 unicast address family, the device will
redistribute the routes into the BGP-VPN IPv4 or IPv6 unicast routing table of the corresponding
VPN instance. To advertise the routes to the local site, you must configure the advertise
l2vpn evpn command.
Procedure (BGP instance view)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv4 or IPv6 unicast address family view.
address-family { ipv4 | ipv6 }
4. Redistribute MAC/IP advertisement routes that contain ARP or ND information into the BGP
IPv4 or IPv6 unicast routing table.
import evpn mac-ip
By default, MAC/IP advertisement routes that contain ARP or ND information are not
redistributed into the BGP IPv4 or IPv6 unicast routing table.
Procedure (BGP-VPN instance view)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 or IPv6 unicast address family view.

36
 address-family { ipv4 | ipv6 }
5. Redistribute MAC/IP advertisement routes that contain ARP or ND information into the
BGP-VPN IPv4 or IPv6 unicast routing table.
import evpn mac-ip
By default, MAC/IP advertisement routes that contain ARP or ND information are not
redistributed into the BGP-VPN IPv4 or IPv6 unicast routing table.

Setting the metric of BGP EVPN routes added to a VPN

instance's routing table
About this task
After you perform this task, the device sets the metric of a BGP EVPN route added to a VPN
instance's routing table to the metric of the IGP route pointing to the next hop in the original BGP
EVPN route.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Set the metric of a BGP EVPN route added to a VPN instance's routing table to the metric of the
IGP route pointing to the next hop in the original BGP EVPN route.
igp-metric inherit
By default, the device sets the metric to 0 when adding BGP EVPN routes a VPN instance's
routing table.

Enabling BGP EVPN route advertisement to the local site

About this task
This feature enables the device to advertise BGP EVPN routes to the local site after the device adds
the routes to the routing table of a VPN instance. The BGP EVPN routes here are IP prefix
advertisement routes and MAC/IP advertisement routes that contain ARP or ND information.
Procedure (IPv4)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
5. Enable BGP EVPN route advertisement to the local site.
advertise l2vpn evpn
By default, BGP EVPN route advertisement to the local site is enabled.

37
Procedure (IPv6)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
5. Enable BGP EVPN route advertisement to the local site.
advertise l2vpn evpn
By default, BGP EVPN route advertisement to the local site is enabled.

Disabling flooding for a VSI

About this task
By default, the VTEP floods broadcast, unknown unicast, and unknown multicast frames received
from the local site to the following interfaces in the frame's VXLAN:
• All site-facing interfaces except for the incoming interface.
• All VXLAN tunnel interfaces.
When receiving broadcast, unknown unicast, and unknown multicast frames on VXLAN tunnel
interfaces, the device floods the frames to all site-facing interfaces in the frames' VXLAN.
To confine a kind of flood traffic, disable flooding for that kind of flood traffic on the VSI bound to the
VXLAN.
You can use selective flood to exclude a remote MAC address from the remote flood suppression
done by using the flooding disable command. The V TEP will flood t he frames destined for the
specified MAC address to remote sites when floods are confined to the local site.
For more information about the VXLAN commands in this task, see VXLAN Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Disable flooding for the VSI.
flooding disable { all | { broadcast | unknown-multicast | unknown-unicast }
* } [ all-direction | dci ]
By default, flooding is enabled for a VSI.
If V XLA N-DCI is configured, flood traffic is also sent out of V XLA N-DCI tunnel interfaces. To
confine flood traffic to the site-facing interfaces and V XLA N tunnels within a data cent er, you
can specify the dci keyword to disable flooding only to VXLAN-DCI tunnel interfaces.
The all-direction keyword disables flooding traffic received from an AC or VXLAN tunnel
interface to any other ACs and VXLAN tunnel interfaces of the same VSI. If VXLAN-DCI is
configured, this keyword also disables flooding between VXLAN tunnel interfaces and
VXLAN-DCI tunnel interfaces.
4. (Optional.) Enable selective flood for a MAC address.

38
 selective-flooding mac-address mac-address

Enabling ARP or ND flood suppression

About this task
Use ARP or ND flood suppression to reduce ARP request broadcasts or ND request multicasts.
The aging timer is fixed at 25 minutes for ARP or ND flood suppression entries. If the flooding
disable command is configured, set the MA C aging timer to a higher value than the aging timer for
ARP or ND flood suppression ent ries on all VTEPs. This setting prevents the traffic blackhole that
occurs when a MAC address entry ages out before its ARP or ND flood suppression entry ages out.
To set the MAC aging timer, use the mac-address timer command.
When remote ARP or ND learning is disabled for V XLA Ns, the device does not use A RP or ND flood
suppression entries to respond to ARP or ND requests received on VXLAN tunnels.
To delete ARP flood suppression entries, use the reset arp suppression vsi c ommand
instead of the reset arp command. For more information about the reset arp suppression
vsi command, see VXLAN Command Reference. For more information about the reset arp
command, see ARP commands in Layer 3—IP Services Command Reference.
To delete ND flood suppression entries, use the reset ipv6 nd suppression vsi command
instead of the reset ipv6 neighbors c ommand. For more information about the reset ipv6
nd suppression vsi command, see VXLAN Command Reference. For more information about
the reset ipv6 neighbors command, see IP v6 basics commands in Layer 3—IP Services
Command Reference.
Enabling ARP flood suppression
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enable ARP flood suppression.
arp suppression enable
By default, ARP flood suppression is disabled.
For more information about this command, see VXLAN Command Reference.
Enabling ND flood suppression
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enable ND flood suppression.
ipv6 nd suppression enable
By default, ND flood suppression is disabled.
For more information about this command, see VXLAN Command Reference.

Enabling packet statistics for VXLAN tunnels

About this task
Perform this task to enable packet statistics globally for automatically created VXLAN tunnels.

39
 To display the packet statistics for a VXLAN tunnel, use the display interface tunnel
command in any view.
To clear the packet statistics for a VXLAN tunnel, use the reset counters interface tunnel
command in user view.
Procedure
1. Enter system view.
system-view
2. Enable packet statistics for automatically created VXLAN tunnels.
tunnel statistics vxlan auto
By default, the packet statistics feature is disabled for automatically created VXLAN tunnels.
For more information about this command, see VXLAN Command Reference.

Testing the connectivity of a VXLAN tunnel

Enabling overlay OAM
About this task
You must enable overlay OAM on the tunnel destination devic e for a V XLA N tunnel before you can
use the ping vxlan or tracert vxlan command to test reachability of the VXLAN tunnel on the
tunnel source device.
Restrictions and guidelines
To specify the -r 3 parameter in the ping vxlan or tracert vxlan command on the tunnel
source device, you must also enable overlay OAM on the tunnel source device.
Procedure
1. Enter system view.
system-view
2. Enable overlay OAM.
overlay oam enable
By default, overlay OAM is disabled.

Pinging a VXLAN tunnel destination

About this task
Perform this task to test the connectivity of a VXLAN tunnel in an EVPN VXLAN network when the
tunnel has traffic loss or interruption issues. The process of a ping VXLAN operation is as follows:
1. The tunnel source VTEP sends VXLAN-encapsulated VXLAN echo requests to the tunnel
destination VTEP.
2. The tunnel destination VTEP responds with VXLAN echo replies.
3. The tunnel source VTEP outputs packet statistics and the test result based on the received
VXLAN echo replies.
Restrictions and guidelines
Before y ou perform this task on the tunnel source device, you must enable overlay OAM on the
tunnel destination device by using the overlay oam enable command.

40
 The V TEP can distribute V XLAN echo requests among multiple paths to the destination based on
the source UDP port. When a VXLAN tunnel has multiple pat hs on the transport net work, you can
configure load sharing paramet ers to ensure accuracy of the test result. You can use one of the
following methods to configure source UDP ports for VXLAN echo requests:
• Specify a source UDP port range. The device will send VXLAN echo requests sourced from
each UDP port in the UDP port range. You need to execute the ping vxlan command only
once.
• Specify load balancing parameters such as source and destination MAC addresses, source
and destination IP addresses, and protocol for the VTEP to calculate a source UDP port number.
You need to execute the ping vxlan command multiple times to test connectivity of all paths.
The load balancing parameters change only the sourc e UDP port number of V XLA N echo requests.
Other fields of the requests will not be changed.
If you specify the vxlan-source-udpport vxlan-source-udpport
[ end-vxlan-src-udpport ] paramet ers, the number of V XLAN echo requests sourc ed from
each UDP port in the UDP port range is determined by the -c count parameter.

Procedure
Execute the following command in any view.
ping vxlan [ -a inner-src-address | -c count | -m interval | -r reply-mode | -t
timeout | -tos tos-value ] * vxlan-id vxlan-id tunnel-source source-address
tunnel-destination dest-address [ destination-udpport dest-port ]
[ vxlan-source-address vxlan-source-address ] [ load-balance
{ vxlan-source-udpport vxlan-source-udpport [ end-vxlan-src-udpport ] |
source-address lb-src-address destination-address lb-dest-address
protocol { udp | lb-protocol-id } source-port lb-src-port destination-port
lb-dest-port source-mac lb-source-mac destination-mac
lb-destination-mac } ]
For more information about this command, see VXLAN Command Reference.

Tracing the path to a VXLAN tunnel destination

About this task
Perform this task to locate failed nodes on the path for a V XLAN tunnel that has traffic loss or
interruption issues in an EVPN V XLA N network. The process of a tracert V XLAN operation is as
follows:
1. The tunnel source VTEP sends VXLAN-encapsulated VXLAN echo requests to the tunnel
destination VTEP. The TTL in the IP header of the requests is set to 1.
2. The first hop on the path responds to the tunnel source VTEP with a TTL-expired ICMP error
message.
3. The tunnel source VTEP sends VXLAN echo requests with the TTL set to 2.
4. The second hop responds with a TTL-expired ICMP error message.
5. This process continues until a V XLA N echo request reaches the tunnel destination V TEP or t he
maximum TTL value is reac hed. If a V XLA N echo request reaches the t unnel destination V TEP,
the tunnel destination VTEP sends a VXLAN echo reply to the tunnel source VTEP.
6. The tunnel source V TEP outputs packet statistics and the test result based on the received
ICMP error messages and whether a VXLAN echo reply is received.
Restrictions and guidelines
Before y ou perform this task on the tunnel source device, you must enable overlay OAM on the
tunnel destination device by using the overlay oam enable command.

41
 The V TEP can distribute V XLAN echo requests among multiple paths to the destination based on
the source UDP port. When a VXLAN tunnel has multiple pat hs on the transport net work, you can
configure load sharing paramet ers to ensure accuracy of the test result. You can use one of the
following methods to configure source UDP ports for VXLAN echo requests:
• Specify a source UDP port range. The device will send VXLAN echo requests sourced from
each UDP port in the UDP port range. You need to execute the ping vxlan command only
once.
• Specify load balancing parameters such as source and destination MAC addresses, source
and destination IP addresses, and protocol for the VTEP to calculate a source UDP port number.
You need to execute the ping vxlan command multiple times to test connectivity of all paths.
The load balancing parameters change only the source UDP port number of VXLAN echo requests.
Other fields of the requests will not be changed.

Procedure
Execute the following command in any view.
tracert vxlan [ -a inner-src-address | -h ttl-value | -r reply-mode | -t
timeout ] * vxlan-id vxlan-id tunnel-source source-address
tunnel-destination dest-address [ destination-udpport dest-port ]
[ vxlan-source-address vxlan-source-address ] [ load-balance
{ vxlan-source-udpport vxlan-source-udpport | source-address
lb-src-address destination-address lb-dest-address protocol { udp |
lb-protocol-id } source-port lb-src-port destination-port lb-dest-port
source-mac lb-source-mac destination-mac lb-destination-mac } ]
For more information about this command, see VXLAN Command Reference.

Enabling SNMP notifications for EVPN

About this task
If S NMP notifications are enabled for EVPN, a MA C mobility suppression notification is sent to
SNMP module after t he MA C mobility suppression threshold is reached. For S NMP notifications to
be sent correctly, you must also configure S NMP on the device. For more information about SNMP
configuration, see Network Management and Monitoring Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enable SNMP notifications for EVPN.
snmp-agent trap enable evpn [ mac-mobility-suppression ]
By default, SNMP notifications are disabled for EVPN.

Configuring EVPN M-LAG

About this task
EVPN M-LAG virtualizes two VTEPs or EVPN gateways into one M-LAG system to avoid single
points of failure. The V TEPs or EVPN gateways use a virt ual V TEP address to establish V XLA N
tunnels to remote devices.
An AC that is attached to only one of the V TEPs in an M-LAG system is called a single-homed AC.
To ensure that the traffic of a single-homed AC is forwarded to its attached V TEP, specify the IP
addresses of the VTEPs in the M-LAG system by using the evpn m-lag local command. After

42
 you configure this command, each V TEP in an M-LAG system changes the next hop of the routes for
single-homed A Cs to its local VTEP IP address when advertising the routes. When a V TEP receives
BGP EVPN routes from the peer V TEP IP address specified by using this command, it does not set
up a VXLAN tunnel to the peer VTEP.
You must execute the evpn m-lag local command if single-homed A Cs are attached to an
M-LAG system that uses a direct peer link. You do not need to execute this command on an M-LA G
system that uses a tunnel peer link. In such an M-LAG system, a VTEP uses the source IP address
of the peer link as the next hop of routes for single-homed ACs to ensure correct traffic forwarding.

Restrictions and guidelines

EVPN M-LAG restrictions and guidelines
• In an M-LAG system, M-LAG member devices must have the same EVPN configuration.
• Do not configure overlapping outer VLAN IDs for Ethernet service instances of different VSIs.
• For an M-LAG member device to re-establish VXLAN tunnels, you must execute the
address-family l2vpn evpn command in BGP instance view after you enable or disable
EVPN M-LAG.
• You cannot specify a secondary IP address of an interface as the virtual VTEP address.
• You must execute the undo mac-address static source-check enable command
on the Layer 2 aggregate interfaces or Layer 2 Ethernet interfaces that act as peer-link
interfaces and on transport-facing physical interfaces.
• If the traffic outgoing interface for a VXLAN tunnel is an M-LAG interface, do not assign the
M-LAG interface to a VLAN matched by an Ethernet service instance on the peer link.
• The interfaces configured with single-homed ACs must have the same link type as the peer-link
interface.
• If the M-LAG member devices are distributed EVPN gateways, use the evpn global-mac
command to configure the same EVPN global MAC address for the devices. This ensures that
the M-LAG member devices use the same router MAC address.
• Use a direct link between the M-LAG member devices as the keepalive link. Do not use the
keep link for any other purposes. Make sure the M-LAG member devices have Layer 2 and
Layer 3 connectivity to each other over the keepalive link.
• Do not use VSI interface 0 as a gateway interface.
• When you bulk shut down physical interfaces on an M-LAG member device for service changes
or hardware replacement, shut down the physical interfaces used for keepalive detection prior
to the physical member ports of the peer-link interface. If you fail to do so, link flapping will occur
on the member ports of M-LAG interfaces.
• If an M-LAG system is attached to a large number of servers whose NICs operate in
active/standby mode, take the size of the traffic sent among those servers into account when
you determine the bandwidth of the peer link.
• Three VXLAN tunnels are set up between an M-LAG system and a peer VTEP. When the peer
VTEP sends multicast, broadcast, or unknown unicast traffic (flood traffic) to the M-LAG system,
the M-LAG member devices receive three identical flood flows and drop two of them. If the
M-LAG member devices have learned the destination MAC address of the flood flow, the flood
flows ought to be dropped will be unicasted, and the VMs attached to the M -LAG system will
receive duplicate packets.
• Only a direct peer link can forward BFD echo packets. Do not execute the bfd forwarding
match remote-discriminator command if a tunnel peer link is used. If you execute this
command, the M-LAG member devices cannot set up static BFD sessions correctly with
downstream devices.
If a direct peer link is used, follow these restrictions:

43
 • If the frame match criteria of dynamic ACs on the peer link are created based on site-facing
Ethernet service instances, you can configure only the following criteria for site-facing Ethernet
service instances:
 encapsulation s-vid { vlan-id | vlan-id-list }
 encapsulation untagged
In addition, you must configure VLAN access mode for the site-facing Ethernet service
instances.
• You must configure VLAN access mode for the site-facing Ethernet service instances when the
frame match criteria of dynamic ACs on the peer link are created based on VXLAN IDs. You can
configure only the encapsulation s-vid vlan-id-list c-vid vlan-id and
encapsulation s-vid vlan-id c-vid { vlan-id | all } criteria for site-facing
Ethernet service instances to match double-tagged packets. You can configure only the
encapsulation s-vid vlan-id [ only-tagged ] and encapsulation s-vid
vlan-id-list criteria for site-facing Ethernet service instances to match single-tagged
packets. If you configure any other criterion, traffic sent over the peer link will carry incorrect
VLAN IDs.
• As a best practice, do not redistribute external routes on the M-LAG member devices.
Forwarding entry configuration restrictions and guidelines
The V TEPs in an M-LA G system synchroniz e local and remote MAC address entries with each other
over the peer link. However, they do not synchronize MA C address ent ry deletions. When you delet e
a MAC address entry from one V TEP, the other VTEP retains the entry that contains the same MA C
address until the entry ages out.
At an IP v6 site, if you enable ND flood suppression on t he V TEPs in an M-LA G system, both VTEPs
reply with NA packets when one of the VTEPs receives an NS packet on an M -LAG interface.
If a route reflector reflects routes between the VTEPs in an M-LAG system, after you execute the
evpn m-lag local command on both VTEPs or execute the undo evpn m-lag local
command on one of the VTEPs, also execute the following commands on the VTEPs:
• reset arp.
• reset arp suppression vsi.
• reset ipv6 neighbors.
• reset ipv6 nd suppression vsi.
These commands clear ARP- and ND-related entries on the VTEPs to ensure correct forwarding.

Prerequisites
In addition to EVPN M-LAG configuration, you must configure the following settings:
• Configure other M-LAG and EVPN settings depending on your network. For information about
M-LAG configuration, see Layer 2—LAN Switching Configuration Guide.
• Use the m-lag mad exclude interface command to exclude the following interfaces:
 Set the default M-LAG MA D action to NONE by using the m-lag mad default-action
none command.
 Do not configure the M-LAG MA D action on the VLAN int erfaces of the VLA Ns to which the
M-LAG interfaces and peer-link interfaces belong. These interfaces will not be shut down by
M-LAG MAD.
 If you use a direct peer link, add the uplink Layer 3 interfaces, VLAN interfaces, and physical
interfaces to the list of included interfaces by using the m-lag mad include interface
command. These interfaces will be shut down by M-LAG MAD. This restriction does not
apply to a tunnel peer link.

44
  Do not configure the M-LAG MAD action on the interfaces used by EVPN, including the VSI
interfaces, interfaces that provide BGP peer addresses, and interfaces used for setting up
the keepalive link. These interfaces will not be shut down by M-LAG MAD.
 Do not configure the M-LAG MAD action on the interface that provides the IP address
specified by using the evpn m-lag group command. These interfaces will not be shut
down by M-LAG MAD.
• Execute the m-lag restore-delay command to set the data restoration interval to a value
equal to or larger than 300 seconds.
• You must disable spanning tree on the Layer 2 Ethernet interface that acts as the physical traffic
outgoing interface of a VXLAN tunnel. If you enable spanning tree on that interface, the
upstream device will falsely block the interfaces connected to the M-LAG member devices.
• As a best practice, set the PVID to 4094 on the peer-link interfaces. If you fail to do so, an
M-LAG member device might set the outer VLAN ID matched by an AC to the PVID of its
peer-link interface. This error will affect forwarding of the underlay traffic whose VLAN ID is
VXLAN ID%4094 + 1.
If you use a tunnel peer link, you must also complete the following tasks:
• Manually create the VXLAN tunnel interface and configure it as the peer-link interface. An
automatically created VXLAN tunnel cannot be used as a peer link.
• Use the m-lag mad exclude interface command to exclude VXLAN tunnel interfaces
and their traffic outgoing interfaces from the MAD shutdown action by M-LAG before you
configure them as peer-link interfaces. If you have configured the VXLAN tunnel interfaces as
peer-link interfaces before excluding them and their traffic outgoing interfaces from the MAD
shutdown action, you must first remove the peer-link interface configuration. After the VXLAN
tunnel interfaces and their traffic outgoing interfaces come up, exclude the interfaces from the
MAD shutdown action by M-LAG. Then, configure the VXLAN tunnel interfaces as peer-link
interfaces.
• The source address of the peer-link VXLAN tunnel must be the address used by the device to
establish BGP peer relationships with other devices.
• As a best practice, configure different physical outgoing interfaces for the peer-link VXLAN
tunnel and VXLAN tunnels used for traffic forwarding.
• To prioritize transmission of M-LAG protocol packets on the peer link, use the tunnel tos
command on the VXLAN tunnel interface to set a high ToS value for tunneled packets.
• Specify the virtual VTEP address and the source address of the tunnel peer link as the IP
addresses of different loopback interfaces. Configure a routing protocol to advertise the IP
addresses.
• Use the reserved vxlan command to specify a reserved VXLAN to forward M-LAG protocol
packets. The M-LAG member devices in an M-LAG system must have the same reserved
VXLAN.

Procedure (IPv4)
1. Enter system view.
system-view
2. Enable EVPN M-LAG and specify the virtual VTEP address.
evpn m-lag group virtual-vtep-ipv4
By default, EVPN M-LAG is disabled.
To modify the virtual VTEP address, you must first delete the original virtual VTEP address.
3. Specify the IP addresses of the VTEPs in the M-LAG system.
evpn m-lag local local-ipv4-address remote remote-ipv4-address
By default, the IP addresses of the VTEPs in an M-LAG system are not specified.

45
 Make sure the IP address of the local VTEP belongs to a local interface. Make sure the local
VTEP IP address and peer VTEP IP address are reversed on the VTEPs in the M-LAG system.
4. (Optional.) Enable the device to create frame match criteria based on VXLAN IDs for the
dynamic ACs on the peer link.
l2vpn m-lag peer-link ac-match-rule vxlan-mapping
By default, on an EVPN M-LAG system that uses a direct peer link, dynamic ACs on the peer
link use frame match criteria that are identical to those of site-facing ACs.
If you do not execute this command, do not configure overlapping outer VLAN IDs for Ethernet
service instances of different VSIs.
If you execute this command, do not create VXLANs with IDs larger than 16000000.

Procedure (IPv6)
1. Enter system view.
system-view
2. Enable EVPN M-LAG and specify the virtual VTEP address.
evpn m-lag group virtual-vtep-ipv6
By default, EVPN M-LAG is disabled.
To modify the virtual VTEP address, you must first delete the original virtual VTEP address.
3. Specify the IP addresses of the VTEPs in the M-LAG system.
evpn m-lag local local-ipv6-address remote remote-ipv6-address
By default, the IP addresses of the VTEPs in an M-LAG system are not specified.
Make sure the IP address of the local VTEP belongs to a local interface. Make sure the local
VTEP IP address and peer VTEP IP address are reversed on the VTEPs in the M-LAG system.
4. (Optional.) Enable the device to create frame match criteria based on VXLAN IDs for the
dynamic ACs on the peer link.
l2vpn m-lag peer-link ac-match-rule vxlan-mapping
By default, on an EVPN M-LAG system that uses a direct peer link, dynamic ACs on the peer
link use frame match criteria that are identical to those of site-facing ACs.
If you do not execute this command, do not configure overlapping outer VLAN IDs for Ethernet
service instances of different VSIs.
If you execute this command, do not create VXLANs with IDs larger than 16000000.

Display and maintenance commands for EVPN

Execute display commands in any view and reset commands in user view.

Task Command

display bgp [ instance instance-name ] group

Display BGP peer group information.
l2vpn evpn [ group-name group-name ]
display bgp [ instance instance-name ] l2vpn
evpn [ peer { ipv4-address | ipv6-address }
{ advertised-routes | received-routes }
Display BGP EVPN routes.
[ statistics ] | [ route-distinguisher
route-distinguisher | route-type
{ auto-discovery | es | imet | ip-prefix |
mac-ip } ] * [ { evpn-route route-length |
evpn-prefix } [ advertise-info | as-path |

46
Task Command
cluster-list | community | ext-community ] |
{ ipv4-address | ipv6-address | mac-address }
[ verbose ] ] | statistics ]
display bgp [ instance instance-name ] l2vpn
evpn [ route-distinguisher
route-distinguisher ] [ statistics ]
community [ community-number&<1-32> |
aa:nn&<1-32> ] [ internet | no-advertise |
no-export | no-export-subconfed ]
[ whole-match ]
display bgp [ instance instance-name ] l2vpn
evpn [ route-distinguisher
route-distinguisher ] [ statistics ]
community-list
{ basic-community-list-number |
adv-community-list-number |
comm-list-name } [ whole-match ]
display bgp [ instance instance-name ] l2vpn
evpn [ route-distinguisher
route-distinguisher ] [ statistics ]
ext-community [ rt route-target | soo
site-of-origin]&<1-32> [ whole-match ]
display bgp [ instance instance-name ] peer
l2vpn evpn [ ipv4-address mask-length |
Display BGP peer or peer group
ipv6-address prefix-length | { ipv4-address
information.
| ipv6-address | group-name group-name }
log-info | [ ipv4-address ] verbose ]
display bgp [ instance instance-name ]
Display information about BGP update
groups. update-group l2vpn evpn [ ipv4-address |
ipv6-address ]
Display information about IPv4 peers display evpn auto-discovery { { imet |
that are automatically discovered mac-ip } [ peer ip-address ] [ vsi vsi-name ]
through BGP. | macip-prefix [ nexthop next-hop ] [ count ] }
Display M-LAG-synchronized MAC display evpn m-lag synchronized-mac [ vsi
address entries. vsi-name ] [ count ]
display evpn es { local [ vsi vsi-name ] [ esi
Display EVPN ES information. esi-id ] [ verbose ] | remote [ vsi vsi-name ]
[ esi esi-id ] [ nexthop next-hop ] }
display evpn ipv6 auto-discovery { imet
Display information about IPv6 peers
[ peer ipv6-address ] [ vsi vsi-name ] |
that are automatically discovered
through BGP. mac-ip | macip-prefix [ nexthop next-hop ]
[ count ] }
Display IPv6 EVPN MAC address display evpn ipv6 route mac [ local | remote ]
entries. [ vsi vsi-name ] [ count ]
display evpn route arp [ local | remote ]
Display EVPN ARP entries. [ public-instance | vpn-instance
vpn-instance-name ] [ count ]

47
 Task Command

display evpn route arp suppression [ local |

Display ARP flood suppression entries.
remote ] [ vsi vsi-name ] [ count ]
display evpn route arp-mobility
Display EVPN ARP mobility
information. [ public-instance | vpn-instance
vpn-instance-name ] [ ip ip-address ]
display evpn route mac [ local | remote ] [ vsi
Display EVPN MAC address entries.
vsi-name ] [ count ]
Display EVPN MAC mobility display evpn [ ipv6 ] route mac-mobility
information. [ vsi vsi-name ] [ mac-address mac-address ]
display evpn route nd [ local | remote ]
Display EVPN ND entries. [ public-instance | vpn-instance
vpn-instance-name ] [ count ]
Display EVPN ND flood suppression display evpn route nd suppression [ local |
entries. remote ] [ vsi vsi-name ] [ count ]
display evpn route nd-mobility
Display EVPN ND mobility information. [ public-instance | vpn-instance
vpn-instance-name ] [ ipv6 ipv6-address ]
display evpn routing-table [ ipv6 ]
Display the routing table for a VPN
instance. { public-instance | vpn-instance
vpn-instance-name } [ count ]
Display site-facing interfaces excluded display l2vpn forwarding evpn split-horizon
from traffic forwarding by split horizon. tunnel tunnel-number slot slot-number
reset evpn route arp-mobility suppression
Cancel ARP mobility event
suppression. [ public-instance | vpn-instance
vpn-instance-name [ ip ip-address ] ]
Cancel MAC mobility event reset evpn route mac-mobility suppression
suppression. [ vsi vsi-name [ mac mac-address ] ]
reset evpn route nd-mobility suppression
Cancel ND mobility event suppression. [ public-instance | vpn-instance
vpn-instance-name [ ipv6 ipv6-address ] ]

Display ARP gateway protection display arp filter source service-instance

configuration for Ethernet service [ interface interface-type
instances. interface-number [ service-instance
instance-id ] ] [ slot slot-number ]

NOTE:
For more information about the display bgp group, display bgp peer, and display bgp
update-group commands, see BGP commands in Layer 3—IP Routing Command Reference.

48
EVPN VXLAN configuration examples
Example: Configuring a centralized EVPN gateway
Network configuration
As shown in Figure 18:
• Configure VXLAN 10 and VXLAN 20 on Switch A, Switch B, and Switch C to provide
connectivity for the VMs in the VXLANs across the network sites.
• Configure Switch C as a centralized IPv4 EVPN gateway to provide gateway services and
access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv4 sites over an IPv4 underlay network. The
configuration procedure does not differ between IPv4 and IPv6 sites or underlay networks.

Figure 18 Network diagram

Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24

Vlan-int12
Transport 12.1.1.4/24 VSI-int1
netw ork 10.1.1.1/24
Vlan-int13 VSI-int2
13.1.1.3/24 10.1.2.1/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 Loop0
1.1.1.1/32 12.1.1.2/24 Sw itch C 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 10.1.1.20 10.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch C and reboot it.
[SwitchC] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchC] quit
<SwitchC> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?

49
 [Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify
10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 18. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable

# Disable remote MAC address and ARP learning.

[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] arp suppression enable
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

50
 [SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address and ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] arp suppression enable
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

51
 [SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address and ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.

52
 [SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as
the gateway address for VXLAN 10.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as
the gateway address for VXLAN 20.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

53
Verifying the configuration
1. Verify the EVPN gateway settings on Switch C:
# Verify that Switch C has advertised MAC/IP advertisement routes and IMET routes for the
gateways and received MAC/IP advertisement routes and IMET routes from Switch A and
Switch B. (Details not shown.)
# Verify that the VXLAN tunnel interfaces are up on Switch C.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 7 bytes/sec, 56 bits/sec, 0 packets/sec
Input: 10 packets, 980 bytes, 0 drops
Output: 85 packets, 6758 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 1 bytes/sec, 8 bits/sec, 0 packets/sec
Last 300 seconds output rate: 9 bytes/sec, 72 bits/sec, 0 packets/sec
Input: 277 packets, 20306 bytes, 0 drops
Output: 1099 packets, 85962 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch C.
[SwitchC] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP 10.1.2.1
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna

54
 VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled

VSI Name: vpnb

VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
# Verify that Switch C has created EVPN ARP entries for the VMs.
[SwitchC] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

Public instance Interface: Vsi-interface1

IP address MAC address Router MAC VSI index Flags
10.1.1.1 0003-0003-0003 - 0 GL

55
 10.1.1.10 0000-1234-0001 - 0 B
10.1.1.20 0000-1234-0003 - 0 B

Public instance Interface: Vsi-interface2

IP address MAC address Router MAC VSI index Flags
10.1.2.1 0005-0005-0005 - 1 GL
10.1.2.10 0000-1234-0002 - 1 B
10.1.2.20 0000-1234-0004 - 1 B
# Verify that Switch C has created FIB entries for the VMs.
[SwitchC] display fib 10.1.1.10
Destination count: 1 FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.1.1.10/32 10.1.1.10 UH Vsi1 Null
2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another.

Example: Configuring distributed EVPN gateways in

symmetric IRB mode (IPv4 underlay network)
Network configuration
As shown in Figure 19:
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to provide connectivity for the
VMs in the VXLANs across the network sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services in
symmetric IRB mode. Configure Switch C as a border gateway to provide access to the
connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv4 sites. The configuration procedure does not differ
between IPv4 and IPv6 sites.

56
 Figure 19 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport
VSI-int1
netw ork Vlan-int12
12.1.1.4/24
10.1.1.1/24
VSI-int2 VSI-int1
10.1.2.1/24 10.1.1.1/24 Vlan-int13
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 10.1.2.1/24 Loop0
1.1.1.1/32 12.1.1.2/24 Sw itch C 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 10.1.1.20 10.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
<SwitchA> system-view
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify
10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 19. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

57
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3

# Map Ethernet service instance 2000 to VSI vpnb.

[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchA] ip vpn-instance l3vpna

58
 [SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit

5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna

59
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3

# Map Ethernet service instance 2000 to VSI vpnb.

[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.

60
 [SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 1:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200

61
 [SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 1:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.
[SwitchC] ip route-static vpn-instance l3vpna 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of VPN instance l3vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance l3vpna
[SwitchC-bgp-default-l3vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-l3vpna] default-route imported
[SwitchC-bgp-default-ipv4-l3vpna] import-route static
[SwitchC-bgp-default-ipv4-l3vpna] quit
[SwitchC-bgp-default-l3vpna] quit
[SwitchC-bgp-default] quit
# Associate VLAN-interface 20 with VPN instance l3vpna.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance l3vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0

62
 # Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B. (Details not shown.)
# Verify that the VXLAN tunnel interfaces are up on Switch A. (This example uses Tunnel 0.)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 9 packets, 882 bytes, 0 drops
Output: 9 packets, 882 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A. (This example uses VSI-interface 1.)
[SwitchA] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP 10.1.2.1
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited

63
 Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000

VSI Name: vpna

VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
WGE1/0/1 srv1000 0 Up Manual

VSI Name: vpnb

VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled

64
 Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
WGE1/0/1 srv2000 0 Up Manual
# Verify that Switch A has created ARP entries for the VMs. (Details not shown.)
# Verify that Switch A has created EVPN ARP entries for the local VMs.
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

VPN instance: l3vpna Interface: Vsi-interface1

IP address MAC address Router MAC VSI Index Flags
10.1.1.1 0001-0001-0001 a0ce-7e40-0400 0 GL
10.1.1.10 0000-1234-0001 a0ce-7e40-0400 0 DL
10.1.2.10 0000-1234-0002 a0ce-7e40-0400 0 DL
10.1.1.20 0000-1234-0003 a0ce-7e40-0400 0 B
10.1.2.20 0000-1234-0004 a0ce-7e40-0400 0 B
2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not
shown.)

Example: Configuring distributed EVPN gateways in

symmetric IRB mode (IPv6 underlay network)
Network configuration
As shown in Figure 20:
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to provide connectivity for the
VMs in the VXLANs across the network sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services in
symmetric IRB mode. Configure Switch C as a border gateway to provide access to the
connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv6 sites. The configuration procedure does not differ
between IPv4 and IPv6 sites.

65
 Figure 20 Network diagram
Loop0
4::4/128

Sw itch D
Vlan-int11 Vlan-int13
13::4/64 15::4/64
Transport Vlan-int12
VSI-int1 netw ork 14::4/64
11::1/64
VSI-int2 VSI-int1
12::1/64 11::1/64 Vlan-int13
VSI-int2 15::3/64
Vlan-int11
Loop0 13::1/64 Vlan-int12 12::1/64 Loop0
1::1/128 14::2/64 Sw itch C 3::3/128
Loop0
Sw itch A WGE1/0/1 Sw itch B 2::2/128 Vlan-int20
20::1/64
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V
L3 netw ork
M M M M
1 2 3 4

11::7/64 12::7/64 11::8/64 12::8/64

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
<SwitchA> system-view
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 11::1 as the gateway address. On VM 2 and VM 4, specify 12::1 as
the gateway address. (Details not shown.)
3. Configure IPv6 addresses and unicast routing settings:
# Assign IPv6 addresses to interfaces, as shown in Figure 20. (Details not shown.)
# Configure OSPFv3 on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel nd-learning disable

66
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] router-id 1.1.1.1
[SwitchA-bgp-default] peer 4::4 as-number 200
[SwitchA-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4::4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance l3vpna.

67
 [SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv6
[SwitchA-vpn-ipv6-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv6-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ipv6 address 11::1 64
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-nd enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface2] ipv6 address 12::1 64
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-nd enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] ipv6 address auto link -local
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel nd-learning disable

68
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] router-id 2.2.2.2
[SwitchB-bgp-default] peer 4::4 as-number 200
[SwitchB-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4::4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3

# Map Ethernet service instance 2000 to VSI vpnb.

69
 [SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 1:2
[SwitchB-vpn-instance-l3vpna] address-family ipv6
[SwitchB-vpn-ipv6-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv6-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ipv6 address 11::1 64
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-nd enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface2] ipv6 address 12::1 64
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-nd enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] ipv6 address auto link -local
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit

6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable

70
 # Disable remote MAC address learning and remote ND learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel nd-learning disable

# Configure BGP to advertise BGP EVPN routes.

[SwitchC] bgp 200
[SwitchC-bgp-default] router-id 3.3.3.3
[SwitchC-bgp-default] peer 4::4 as-number 200
[SwitchC-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4::4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 1:3
[SwitchC-vpn-instance-l3vpna] address-family ipv6
[SwitchC-vpn-ipv6-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv6-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] ipv6 address auto link -local
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.
[SwitchC] ipv6 route-static vpn-instance l3vpna :: 0 20::100
# Import the default route to the BGP IPv6 unicast routing table of VPN instance l3vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance l3vpna
[SwitchC-bgp-default-l3vpna] address-family ipv6 unicast
[SwitchC-bgp-default-ipv6-l3vpna] default-route imported
[SwitchC-bgp-default-ipv6-l3vpna] import-route static
[SwitchC-bgp-default-ipv6-l3vpna] quit
[SwitchC-bgp-default-l3vpna] quit
[SwitchC-bgp-default] quit
# Associate VLAN-interface 20 with VPN instance l3vpna and assign an IPv6 address to the
interface.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance l3vpna
[SwitchC-Vlan-interface20] ipv6 address 20::1 64
[SwitchC-Vlan-interface20] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.

71
 <SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] router-id 4.4.4.4
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1::1 group evpn
[SwitchD-bgp-default] peer 2::2 group evpn
[SwitchD-bgp-default] peer 3::3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B. (Details not shown.)
# Verify that the VXLAN tunnel interfaces are up on Switch A. (This example uses Tunnel 0.)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1::1, destination 2::2
Tunnel protocol/transport UDP_VXLAN/IPv6
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A. (This example uses VSI-interface 1.)
[SwitchA] display ipv6 interface vsi-interface brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
Vsi1 UP UP 11::1
Vsi2 UP UP 12::1

72
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000

VSI Name: vpna

VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
WGE1/0/1 srv1000 0 Up Manual

VSI Name: vpnb

VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : Unlimited

73
 Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
WGE1/0/1 srv2000 0 Up Manual
# Verify that Switch A has created EVPN ND entries for the local VMs.
[SwitchA] display evpn route nd
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

VPN instance: l3vpna Interface: Vsi-interface1

IPv6 address : 11::1
MAC address : 0001-0001-0001 Router MAC : 06dc-93de-0100
VSI index : 0 Flags : GL

IPv6 address : 11::7

MAC address : 06dc-98ca-0206 Router MAC : 06dc-93de-0100
VSI index : 0 Flags : DL

IPv6 address : 11::8

MAC address : 06dc-a8dd-0506 Router MAC : 06dc-a235-0400
VSI index : 0 Flags : B

VPN instance: l3vpna Interface: Vsi-interface2

IPv6 address : 12::1
MAC address : 0002-0002-0002 Router MAC : 06dc-93de-0100
VSI index : 1 Flags : GL

IPv6 address : 12::7

MAC address : 06dc-9ca0-0306 Router MAC : 06dc-93de-0100
VSI index : 1 Flags : DL

IPv6 address : 12::8

MAC address : 06dc-ad91-0606 Router MAC : 06dc-a235-0400
VSI index : 1 Flags : B

74
 2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not
shown.)

Example: Configuring distributed IPv4 EVPN gateways in

asymmetric IRB mode
Network configuration
As shown in Figure 21:
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to provide connectivity for the
VMs in the VXLANs across the network sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services in
asymmetric IRB mode. Configure Switch C as a border gateway to provide access to the
connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
Figure 21 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport
VSI-int1
netw ork Vlan-int12
12.1.1.4/24
10.1.1.1/24
VSI-int2 VSI-int1
10.1.2.1/24 20.1.1.1/24 Vlan-int13
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 20.1.2.1/24 Loop0
12.1.1.2/24
Sw itch C
1.1.1.1/32 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V
L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 20.1.1.20 20.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Specify 10.1.1.1, 10.1.2.1, 20.1.1.1, and 20.1.2.1 as the gateway addresses on VM 1, VM 2,
VM 3, and VM 4, respectively. (Details not shown.)
2. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 21. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
3. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable

75
[SwitchA] vxlan tunnel arp-learning disable
# Enable asymmetric IRB mode for EVPN VXLAN.
[SwitchA] evpn irb asymmetric
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance l3vpna.

76
 [SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
4. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Enable asymmetric IRB mode for EVPN VXLAN.
[SwitchA] evpn irb asymmetric

77
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3

# Map Ethernet service instance 2000 to VSI vpnb.

[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchB] ip vpn-instance l3vpna

78
 [SwitchB-vpn-instance-l3vpna] route-distinguisher 1:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 20.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface2] ip address 20.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit

5. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable

# Configure BGP to advertise BGP EVPN routes.

[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200

79
 [SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 1:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.
[SwitchC] ip route-static vpn-instance l3vpna 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of VPN instance l3vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance l3vpna
[SwitchC-bgp-default-l3vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-l3vpna] default-route imported
[SwitchC-bgp-default-ipv4-l3vpna] import-route static
[SwitchC-bgp-default-ipv4-l3vpna] quit
[SwitchC-bgp-default-l3vpna] quit
[SwitchC-bgp-default] quit
# Associate VLAN-interface 20 with VPN instance l3vpna. VLAN-interface 20 provides access
to the Layer 3 network connected to Switch C.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance l3vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] quit
6. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0

80
 # Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B. (Details not shown.)
# Verify that the VXLAN tunnel interfaces are up on Switch A. (This example uses Tunnel 0.)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A. (This example uses VSI-interface 1.)
[SwitchA] display interface vsi-interface 1
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0003 -0003-0003
IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

81
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : Unlimited
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
Tunnel Statistics : Disabled

VSI Name: vpna

VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : Unlimited
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
WGE1/0/1 srv1000 0x0 Up Manual

VSI Name: vpnb

VSI Index : 2

82
 VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : Unlimited
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
WGE1/0/1 srv2000 0x0 Up Manual
# Verify that Switch A has created ARP entries for the VMs. (Details not shown.)
# Verify that Switch A has created EVPN ARP entries for the VMs.
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf

VPN instance: l3vpna Interface: Vsi-interface1

IP address MAC address Router MAC VSI index Flags
10.1.1.1 0001-0001-0001 522b-3413-0200 0 GL
10.1.1.10 521f-b814-0106 522b-3413-0200 0 DL
20.1.1.20 522b-3c6a-0406 522b-38cd-0300 0 B
2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not
shown.)

Example: Configuring communication between EVPN

networks and the public network
Network configuration
As shown in Figure 22:
• Configure VXLAN 10, VXLAN 20, and VXLAN 30 on Switch A, Switch B, and Switch C to meet
the following requirements:
 VXLAN 10 and VXLAN 20 are on the private network, and VXLAN 30 is on the public
network.
 VXLAN 10 can communicate with VXLAN 20 and VXLAN 30, and VXLAN 20 is isolated from
VXLAN 30.
• Configure Switch A, Switch B, and Switch C as distributed EVPN gateways to provide gateway
services for the VXLANs.

83
 • Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv4 sites over an IPv4 underlay network. The
configuration procedure does not differ between IPv4 and IPv6 sites or underlay networks.

Figure 22 Network diagram

Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport
netw ork Vlan-int12
12.1.1.4/24
VSI-int1
VSI-int1
10.1.3.1/24
10.1.1.1/24 Vlan-int13
VSI-int1 13.1.1.3/24
Vlan-int11 Loop0
Loop0 11.1.1.1/24 Vlan-int12 10. 1.2.1/24 Sw itch C
1.1.1.1/32 12.1.1.2/24 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 WGE1/0/1

WGE1/0/1

VLAN 1 VLAN 2 VLAN 3

V V V
M M M
1 2 3
10.1.1.10 10.1.2.10 10.1.3.10
Server 1 Server 2 Server 2

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1, VM 2, and VM 3, specify 10.1.1.1, 10.1.2.1, and 10.1.3.1 as the gateway address,
respectively. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 22. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.

84
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 1.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 1

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-ipv4-l3vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-evpn-l3vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.

85
 [SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# Create VSI-interface 3 and configure its L3 VXLAN ID as 2000 for matching routes from
Switch B.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] l3-vni 2000
[SwitchA-Vsi-interface3] quit
# Create VSI-interface 4 and configure its L3 VXLAN ID as 3000 for matching routes from
Switch C.
[SwitchA] interface vsi-interface 4
[SwitchA-Vsi-interface4] l3-vni 3000
[SwitchA-Vsi-interface4] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

86
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance l3vpnb.
[SwitchB] ip vpn-instance l3vpnb
[SwitchB-vpn-instance-l3vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpnb] address-family ipv4
[SwitchB-vpn-ipv4-l3vpnb] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-ipv4-l3vpnb] quit
[SwitchB-vpn-instance-l3vpnb] address-family evpn
[SwitchB-vpn-evpn-l3vpnb] vpn-target 2:2
[SwitchB-vpn-evpn-l3vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-evpn-l3vpnb] quit
[SwitchB-vpn-instance-l3vpnb] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpnb
[SwitchB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from
Switch A.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] qui
# Associate VSI-interface 3 with VPN instance l3vpnb, and configure the L3 VXLAN ID as 2000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpnb
[SwitchB-Vsi-interface3] l3-vni 2000
[SwitchB-Vsi-interface3] quit
# Create VSI-interface 4, and configure its L3 VXLAN ID as 3000 for matching routes from
Switch C.
[SwitchB] interface vsi-interface 4
[SwitchB-Vsi-interface4] l3-vni 3000

87
 [SwitchB-Vsi-interface4] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 1
[SwitchB-vsi-vpnb] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpnc, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] evpn encapsulation vxlan
[SwitchC-vsi-vpnc-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnc-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnc-evpn-vxlan] quit
# Create VXLAN 30.
[SwitchC-vsi-vpnc] vxlan 30
[SwitchC-vsi-vpnc-vxlan-30] quit
[SwitchC-vsi-vpnc] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4] quit
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD, route target, and L3 VXLAN ID settings for the public instance.
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 3:3
[SwitchC-public-instance] l3-vni 3000
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance-ipv4] vpn-target 3:3
[SwitchC-public-instance-ipv4] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-ipv4] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance-evpn]vpn-target 3:3
[SwitchC-public-instance-evpn] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-evpn] quit
[SwitchC-public-instance] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 3.
[SwitchC] interface twenty-fivegige 1/0/1

88
 [SwitchC-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchC-Twenty-FiveGigE1/0/1] port trunk permit vlan 3
[SwitchC-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchC-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpnc.

[SwitchC-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpnc
[SwitchC-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchC-Twenty-FiveGigE1/0/1] quit
# Configure VSI-interface 1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.3.1 255.255.255.0
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from
Switch A.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] quit
# Create VSI-interface 3, and configure its L3 VXLAN ID as 2000 for matching routes from
Switch B.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 2000
[SwitchC-Vsi-interface3] quit
# Create VSI-interface 4 for the public instance, and configure the L3 VXLAN ID as 3000 for the
VSI interface.
[SwitchC] interface vsi-interface 4
[SwitchC-Vsi-interface4] l3-vni 3000
[SwitchC-Vsi-interface4] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnc.
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] gateway vsi-interface 1
[SwitchC-vsi-vpnc] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

89
 # Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B and Switch C. (Details not shown.)
# Verify that the VXLAN tunnel interfaces are up on Switch A.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 15 packets, 1470 bytes, 0 drops
Output: 15 packets, 1470 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 22 packets, 2156 bytes, 0 drops
Output: 23 packets, 2254 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A.
[SwitchA] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1

90
Vsi2 UP UP --
Vsi3 UP UP --
Vsi4 UP UP --

# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_2
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 1000

VSI Name: Auto_L3VNI2000_3

VSI Index : 2
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 2000

VSI Name: Auto_L3VNI3000_4

VSI Index : 3
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled

91
 MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 4
VXLAN ID : 3000

VSI Name: vpna

VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
ACs:
AC Link ID State Type
WGE1/0/1 srv1000 0 Up Manual
# Verify that Switch A has created ARP entries for the VMs. (Details not shown.)
2. Verify that VM 1 can communicate with VM 2 and VM 3, and VM 2 cannot communicate with
VM 3. (Details not shown.)

Example: Configuring IPv4 EVPN M-LAG with a direct peer

link
Network configuration
As shown in Figure 23, perform the following tasks to make sure the VMs can communicate with one
another:
• Configure VXLAN 10 on Switch A and Switch B, and configure VXLAN 20 on Switch D.
• Configure EVPN M-LAG on Switch A and Switch B to virtualize them into one VTEP. The
switches use a direct peer link.
• Configure Switch C as a centralized EVPN gateway and RR.

NOTE:
This example provides configuration of IPv4 sites extended by an IPv4 underlay network. The
configuration procedure does not differ between site or underlay network types.

92
 Figure 23 Network diagram

10.1.1.1/24
Switch C
10.1.2.1/24

11.1.1.3/24 13.1.1.3/24

12.1.1.3/24

11.1.1.1/24
12.1.1.2/24 13.1.1.4/24
Switch A Peer link

1.2.3.4/32 WGE1/0/4 4.4.4.4/32

Switch B WGE1/0/1 Switch D

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch C and reboot it.
[SwitchC] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchC] quit
<SwitchC> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. On VM 3, specify 10.1.2.1 as the
gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces (including loopback interfaces), as shown in Figure 23.
(Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
# Execute the ospf peer hold-max-cost duration command on the interfaces used for
setting up OSPF neighbor relationships. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable

93
# Disable remote MAC learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Choose one of the following frame match criterion creation methods for dynamic ACs:
 Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs
on the peer link.
[SwitchA] l2vpn m-lag peer-link ac-match-rule vxlan-mapping
 Use the default setting for dynamic ACs on the peer link to use frame match criteria identical
to those of site-facing ACs.
# Enable EVPN M-LAG, and specify the virtual VTEP address as 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4
# Configure M-LAG system parameters.
[SwitchA] m-lag system-mac 0001-0001-0001
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
[SwitchA] m-lag restore-delay 180
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# Assign Twenty-FiveGigE 1/0/3 to link aggregation group 3.
[SwitchA] interface twenty-fivegige 1/0/3
[SwitchA-Twenty-FiveGigE1/0/3] port link-aggregation group 3
[SwitchA-Twenty-FiveGigE1/0/3] quit
# Specify Bridge-Aggregation 3 as the peer-link interface and disable static source check.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit
# Configure routing settings for Switch A and Switch B to have Layer 3 connectivity.
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchA-Vlan-interface100] quit
# Disable spanning tree and static source check on Twenty-FiveGigE 1/0/5.
[SwitchA] interface twenty-fivegige 1/0/5
[SwitchA-Twenty-FiveGigE1/0/5] undo mac-address static source-check enable
[SwitchA-Twenty-FiveGigE1/0/5] undo stp enable
[SwitchA-Twenty-FiveGigE1/0/5] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# Assign Twenty-FiveGigE 1/0/1 to link aggregation group 4.
[SwitchA] interface twenty-fivegige 1/0/1

94
[SwitchA-Twenty-FiveGigE1/0/1] port link-aggregation group 4
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# Assign Twenty-FiveGigE 1/0/2 to link aggregation group 5.
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-aggregation group 5
[SwitchA-Twenty-FiveGigE1/0/2] quit
# Assign Bridge-Aggregation 5 to M-LAG group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port link-type trunk
[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

95
 [SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port link-type trunk
[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# Exclude interfaces from the shutdown action by M-LAG MAD.
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface loopback 1
[SwitchA] m-lag mad exclude interface twenty-fivegige 1/0/4
[SwitchA] m-lag mad exclude interface twenty-fivegige 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11
[SwitchA] m-lag mad exclude interface vlan-interface 100

5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Choose one of the following frame match criterion creation methods for dynamic ACs:
 Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs
on the peer link.
[SwitchB] l2vpn m-lag peer-link ac-match-rule vxlan-mapping
 Use the default setting for dynamic ACs on the peer link to use frame match criteria identical
to those of site-facing ACs.
# Enable EVPN M-LAG, and specify the virtual VTEP address as 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4
# Configure M-LAG system parameters.
[SwitchB] m-lag system-mac 0001-0001-0001
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
[SwitchB] m-lag restore-delay 180
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# Assign Twenty-FiveGigE 1/0/3 to aggregation group 3.
[SwitchB] interface twenty-fivegige 1/0/3
[SwitchB-Twenty-FiveGigE1/0/3] port link-aggregation group 3
[SwitchB-Twenty-FiveGigE1/0/3] quit
# Specify Bridge-Aggregation 3 as the peer-link interface and disable static source check.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port m-lag peer-link 1

96
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit
# Configure routing settings for Switch A and Switch B to have Layer 3 connectivity.
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface Vlan-interface 100
[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0
[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchB-Vlan-interface100] quit
# Disable spanning tree and static source check on Twenty-FiveGigE 1/0/5.
[SwitchB] interface twenty-fivegige 1/0/5
[SwitchB-Twenty-FiveGigE1/0/5] undo mac-address static source-check enable
[SwitchB-Twenty-FiveGigE1/0/5] undo stp enable
[SwitchB-Twenty-FiveGigE1/0/5] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# Assign Twenty-FiveGigE 1/0/1 to aggregation group 4.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-aggregation group 4
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# Assign Twenty-FiveGigE 1/0/2 to aggregation group 5.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-aggregation group 5
[SwitchB-Twenty-FiveGigE1/0/2] quit

# Assign Bridge-Aggregation 5 to M-LAG group 5.

[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10

97
 [SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port link-type trunk
[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port link-type trunk
[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# Exclude interfaces from the shutdown action by M-LAG MAD.
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface loopback 1
[SwitchB] m-lag mad exclude interface twenty-fivegige 1/0/4
[SwitchB] m-lag mad exclude interface twenty-fivegige 1/0/5
[SwitchB] m-lag mad exclude interface vlan-interface 12
[SwitchB] m-lag mad exclude interface vlan-interface 100
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning.
[SwitchC] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit

98
 # Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Create VSI-interface 1 and assign it an IP address. The IP address is the gateway address of
VXLAN 10.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Create VSI-interface 2 and assign it an IP address. The IP address is the gateway address of
VXLAN 20.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:

99
 # Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] arp suppression enable
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 4.
[SwitchD] interface twenty-fivegige 1/0/1
[SwitchD-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchD-Twenty-FiveGigE1/0/1] port trunk permit vlan 4
[SwitchD-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchD-Twenty-FiveGigE1/0/1] encapsulation s-vid 4

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchD-Twenty-FiveGigE1/0/1] xconnect vsi vpnb
[SwitchD-Twenty-FiveGigE1/0/1] quit

Verifying the configuration

1. Verify the centralized EVPN gateway settings on Switch C:
# Verify that Switch C has advertised MAC/IP advertisement routes and IMET routes of the
gateway to other devices. Verify that Switch C has received MAC/IP advertisement routes and
IMET routes from Switch A, Switch B, and Switch D. (Details not shown.)
# Verify that the VXLAN tunnel to Switch A and Switch B is up, and the tunnel destination
address is the virtual VTEP address.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never

100
Tunnel source 3.3.3.3, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 4 bytes/sec, 32 bits/sec, 0 packets/sec
Input: 2 packets, 340 bytes, 0 drops
Output: 16 packets, 2793 bytes, 0 drops
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
 For dynamic ACs whose frame match criteria are generated based on VXLAN IDs:
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG3 srv1 0 Up Dynamic (M-LAG)
BAGG4 srv1000 1 Up Manual
BAGG5 srv1000 2 Up Manual
 For dynamic ACs whose frame match criteria are identical to those of site-facing ACs:
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled

101
 Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled

VSI Name: vpnb

VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Auto Disabled
2. Verify the M-LAG settings on Switch A:
# Verify that Switch A has BGP EVPN routes.
[SwitchA] display bgp l2vpn evpn

BGP local router ID is 1.2.3.4

Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 5

Route distinguisher: 1:100

Total number of routes: 5

* > Network : [2][0][48][0800-2700-400e][0][0.0.0.0]/104

NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][46b2-aea0-0101][0][0.0.0.0]/104

102
 NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][0][48][ac1e-24e3-0201][0][0.0.0.0]/104

NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.2.3.4]/80

NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][3.3.3.3]/80

NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel to Switch C is up, and the tunnel source address is the virtual
VTEP address.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 1 bytes/sec, 8 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 33 packets, 6121 bytes, 0 drops
# Verify that ACs are automatically created on the peer link and assigned to VSIs.
 For dynamic ACs whose frame match criteria are generated based on VXLAN IDs:
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited

103
 Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG3 srv1 0 Up Dynamic (M-LAG)
BAGG4 srv1000 1 Up Manual
BAGG5 srv1000 2 Up Manual
 For dynamic ACs whose frame match criteria are identical to those of site-facing ACs:
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (M-LAG)
BAGG5 srv1000 2 Up Manual
BAGG3 srv3 3 Up Dynamic (M-LAG)
3. Verify network connectivity for the VMs:
# Verify that VM 1, VM 2, and VM 3 can communicate when both Switch A and Switch B are
operating correctly. (Details not shown.)
# Verify that VM 1, VM 2, and VM 3 can communicate when Switch A's or Switch B's links to the
local site are disconnected. (Details not shown.)

104
Example: Configuring IPv4 EVPN M-LAG with a tunnel peer
link
Network configuration
As shown in Figure 24, perform the following tasks to make sure the VMs can communicate with one
another:
• Configure VXLAN 10 on Switch A, Switch B, and Switch C, and configure VXLAN 20 on Switch
C and Switch D.
• Configure EVPN M-LAG on Switch A and Switch B to virtualize them into one VTEP. The
switches use a tunnel peer link.
• Create a monitor link group on Switch A and Switch B. Configure the transport-facing interfaces
of S witch A and S witch B as uplink interfaces for the monitor link group, and member interfaces
of M-LAG interfaces as downlink interfaces.
• Configure Switch C as a centralized EVPN gateway and RR.

NOTE:
This example provides configuration of IPv4 sites extended by an IPv4 underlay network. The
configuration procedure does not differ between site or underlay network types.

Figure 24 Network diagram

Vlan-int12

VXLAN tunnel

Procedure
1. Set the VXLAN hardware resource mode on Switch C and reboot it.
[SwitchC] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchC] quit

105
 <SwitchC> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. On VM 3, specify 10.1.2.1 as the
gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces (including loopback interfaces), as shown in Figure 24.
(Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
# Execute the ospf peer hold-max-cost duration command on the interfaces used for
setting up OSPF neighbor relationships. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable

# Disable remote MAC learning and remote ARP learning.

[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Enable EVPN M-LAG, and specify the virtual VTEP address as 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4
# Specify the reserved VXLAN as VXLAN 1234.
[SwitchA] reserved vxlan 1234
# Configure M-LAG system parameters.
[SwitchA] m-lag system-mac 0001-0001-0001
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
# Create a tunnel to Switch B, and set the ToS of tunneled packets to 100.
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] tunnel tos 100
[SwitchA-Tunnel1] quit
# Exclude Tunnel 1 from the shutdown action by M-LAG MAD.
[SwitchA] m-lag mad exclude interface tunnel 1
# Specify Tunnel 1 as the peer-link interface.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port m-lag peer-link 1
[SwitchA-Tunnel1] quit
# Disable spanning tree and static source check on Twenty-FiveGigE 1/0/4.
[SwitchA] interface twenty-fivegige 1/0/4
[SwitchA-Twenty-FiveGigE1/0/4] undo mac-address static source-check enable
[SwitchA-Twenty-FiveGigE1/0/4] undo stp enable

106
[SwitchA-Twenty-FiveGigE1/0/4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# Assign Twenty-FiveGigE 1/0/1 to link aggregation group 4.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-aggregation group 4
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# Assign Twenty-FiveGigE 1/0/2 to link aggregation group 5.
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-aggregation group 5
[SwitchA-Twenty-FiveGigE1/0/2] quit

# Assign Bridge-Aggregation 5 to M-LAG group 5.

[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port link-type trunk

107
 [SwitchA-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port link-type trunk
[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# Create monitor link group 1 and assign uplink and downlink interfaces to it.
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port twenty-fivegige 1/0/1 downlink
[SwitchA-mtlk-group1] port twenty-fivegige 1/0/2 downlink
[SwitchA-mtlk-group1] port twenty-fivegige 1/0/4 uplink
[SwitchA-mtlk-group1] quit
# Exclude the interfaces used by EVPN from the shutdown action by M-LAG MAD, except the
aggregation member ports.
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface loopback 1
[SwitchA] m-lag mad exclude interface twenty-fivegige 1/0/4
[SwitchA] m-lag mad exclude interface vlan-interface 11
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Enable EVPN M-LAG, and specify the virtual VTEP address as 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4
# Specify the reserved VXLAN as VXLAN 1234.
[SwitchB] reserved vxlan 1234
# Configure M-LAG system parameters.
[SwitchB] m-lag system-mac 0001-0001-0001
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
# Create a tunnel to Switch A, and set the ToS of tunneled packets to 100.
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1

108
[SwitchB-Tunnel1] tunnel tos 100
[SwitchB-Tunnel1] quit
# Exclude Tunnel 1 from the shutdown action by M-LAG MAD.
[SwitchB] m-lag mad exclude interface tunnel 1
# Specify Tunnel 1 as the peer-link interface.
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port m-lag peer-link 1
[SwitchB-Tunnel1] quit
# Disable spanning tree and static source check on Twenty-FiveGigE 1/0/4.
[SwitchB] interface twenty-fivegige 1/0/4
[SwitchB-Twenty-FiveGigE1/0/4] undo mac-address static source-check enable
[SwitchB-Twenty-FiveGigE1/0/4] undo stp enable
[SwitchB-Twenty-FiveGigE1/0/4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# Assign Twenty-FiveGigE 1/0/1 to aggregation group 4.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-aggregation group 4
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# Assign Twenty-FiveGigE 1/0/2 to aggregation group 5.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-aggregation group 5
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Assign Bridge-Aggregation 5 to M-LAG group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10

109
 [SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port link-type trunk
[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port link-type trunk
[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# Create monitor link group 1 and assign uplink and downlink interfaces to it.
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port twenty-fivegige 1/0/1 downlink
[SwitchB-mtlk-group1] port twenty-fivegige 1/0/2 downlink
[SwitchB-mtlk-group1] port twenty-fivegige 1/0/4 uplink
[SwitchB-mtlk-group1] quit
# Exclude the interfaces used by EVPN from the shutdown action by M-LAG MAD, except the
aggregation member ports.
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface loopback 1
[SwitchB] m-lag mad exclude interface twenty-fivegige 1/0/4
[SwitchB] m-lag mad exclude interface vlan-interface 12
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning.
[SwitchC] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.

110
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Create VSI-interface 1 and assign it an IP address. The IP address is the gateway address of
VXLAN 10.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Create VSI-interface 2 and assign it an IP address. The IP address is the gateway address of
VXLAN 20.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit

111
 # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] arp suppression enable
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 4.
[SwitchD] interface twenty-fivegige 1/0/1
[SwitchD-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchD-Twenty-FiveGigE1/0/1] port trunk permit vlan 4
[SwitchD-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchD-Twenty-FiveGigE1/0/1] encapsulation s-vid 4

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchD-Twenty-FiveGigE1/0/1] xconnect vsi vpnb
[SwitchD-Twenty-FiveGigE1/0/1] quit

Verifying the configuration

1. Verify the centralized EVPN gateway settings on Switch C:
# Verify that Switch C has advertised MAC/IP advertisement routes and IMET routes of the
gateway to other devices. Verify that Switch C has received MAC/IP advertisement routes and
IMET routes from Switch A, Switch B, and Switch D. (Details not shown.)
# Verify that the VXLAN tunnels to Switch A and Switch B are up, and the device has
established a VXLAN tunnel to Switch A and Switch B with the destination address as the virtual
VTEP address.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP

112
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 2 packets, 84 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 2 packets, 84 bytes, 0 drops

Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 1 packets, 42 bytes, 0 drops

Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps

113
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 1 packets, 42 bytes, 0 drops
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Auto Disabled
Tunnel2 0x5000002 UP Auto Disabled
Tunnel3 0x5000003 UP Auto Disabled

VSI Name: vpnb

VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2

114
 VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled

2. Verify the M-LAG settings on Switch A:

# Verify that Switch A has BGP EVPN routes.
[SwitchA] display bgp l2vpn evpn

BGP local router ID is 1.2.3.4

Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 3

Route distinguisher: 1:10

Total number of routes: 5

* >i Network : [2][0][48][7e9a-48e9-0100][32][10.1.1.1]/136

NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][1.1.1.1]/80

NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][1.2.3.4]/80

NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][3.3.3.3]/80

NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80

NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

115
# Verify that the VXLAN tunnel to Switch C is up, and the tunnel source address is the virtual
VTEP address.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 12 bytes/sec, 96 bits/sec, 0 packets/sec
Last 300 seconds output rate: 12 bytes/sec, 96 bits/sec, 0 packets/sec
Input: 239 packets, 25558 bytes, 0 drops
Output: 1241 packets, 109811 bytes, 0 drops
# Verify that ACs are automatically created on the peer link and assigned to VSIs.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10

116
 Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Down Manual
BAGG5 srv1000 1 Down Manual
3. Verify network connectivity for the VMs:
# Verify that VM 1, VM 2, and VM 3 can communicate when both Switch A and Switch B are
operating correctly. (Details not shown.)
# Verify that VM 1, VM 2, and VM 3 can communicate when Switch A's or Switch B's links to the
local site are disconnected. (Details not shown.)

Example: Configuring IPv4 EVPN multihoming

Network configuration
As shown in Figure 25:
• Configure VXLANs as follows:
 Configure VXLAN 10 on Switch A, Switch B, and Switch C. Configure Switch A and Switch B
as redundant VTEPs for Server 2, and configure Switch B and Switch C as redundant
VTEPs for Server 3.
 Configure VXLAN 20 on Switch C.
• Configure Switch A, Switch B, and Switch C as distributed EVPN gateways.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
Figure 25 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24

Transport Vlan-int12
netw ork 12.1.1.4/24 VSI-int1
VSI-int1 10.1.1.1/24
10.1.1.1/24 Vlan-int13 VSI-int2
13.1.1.3/24 20.1.1.1/24
Vlan-int11 VSI-int1
Loop0 11.1.1.1/24 Vlan-int12 10.1.1.1/24 Loop0
1.1.1.1/32 12.1.1.2/24 Sw itch C 3.3.3.3/32
Loop0
Sw itch A WGE1/0/2 Sw itch B WGE1/0/1 WGE1/0/2
2.2.2.2/32
WGE1/0/1 WGE1/0/1 WGE1/0/2

ES1 ES2

VLAN 2 VLAN 2 VLAN 2 VLAN 2

V V V V
M M M M
1 2 3 4

10.1.1.10 10.1.1.20 10.1.1.30 20.1.1.10

Server 1 Server 2 Server 3 Server 4

117
Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1, VM 2, and VM 3, specify 10.1.1.1 as the gateway address. On VM 4, specify 20.1.1.1
as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to the interfaces, as shown in Figure 25. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface twenty-fivegige 1/0/1

118
 [SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Assign an ESI to Twenty-FiveGigE 1/0/2.
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] esi 0.0.0.0.1
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 2.
[SwitchA-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 2
# Map Ethernet service instance 2000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit

5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable

119
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Assign an ESI to Twenty-FiveGigE 1/0/1.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] esi 0.0.0.0.1
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 2.
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 2
# Map Ethernet service instance 2000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Assign an ESI to Twenty-FiveGigE 1/0/2.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] esi 0.0.0.0.2
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 3000 to match VLAN 2.
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 3000
[SwitchB-Twenty-FiveGigE1/0/2-srv3000] encapsulation s-vid 2
# Map Ethernet service instance 3000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/2-srv3000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/2-srv3000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit

120
 [SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.

121
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Assign an ESI to Twenty-FiveGigE 1/0/1.
[SwitchC] interface twenty-fivegige 1/0/1
[SwitchC-Twenty-FiveGigE1/0/1] esi 0.0.0.0.2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 3000 to match VLAN 2.
[SwitchC-Twenty-FiveGigE1/0/1] service-instance 3000
[SwitchC-Twenty-FiveGigE1/0/1-srv3000] encapsulation s-vid 2
# Map Ethernet service instance 3000 to VSI vpna.
[SwitchC-Twenty-FiveGigE1/0/1-srv3000] xconnect vsi vpna
[SwitchC-Twenty-FiveGigE1/0/1-srv3000] quit
[SwitchC-Twenty-FiveGigE1/0/1] quit
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 4000 to match VLAN 3.
[SwitchC] interface twenty-fivegige 1/0/2
[SwitchC-Twenty-FiveGigE1/0/2] service-instance 4000
[SwitchC-Twenty-FiveGigE1/0/2-srv4000] encapsulation s-vid 3

# Map Ethernet service instance 4000 to VSI vpnb.

[SwitchC-Twenty-FiveGigE1/0/2-srv4000] xconnect vsi vpnb
[SwitchC-Twenty-FiveGigE1/0/2-srv4000] quit
[SwitchC-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit

122
 # Configure VSI-interface 2.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
[SwitchC-Vsi-interface2] mac-address 2-2-2
[SwitchC-Vsi-interface2] distributed-gateway local
[SwitchC-Vsi-interface2] local-proxy-arp enable
[SwitchC-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the EVPN multihoming configuration on Switch C.
# Verify that Switch C has advertised and received the following BGP EVPN routes (details not
shown):
 IP prefix advertisement routes for the gateways.
 IMET routes for VSIs.

123
 MAC/IP advertisement routes.
 Ethernet auto-discovery routes and Ethernet segment routes.
# Verify that Switch C has ECMP routes to VM 2.
<SwitchC> display evpn routing-table vpn-instance l3vpna
Flags: E - with valid ESI A - AD ready L - Local ES exists

VPN instance:l3vpna Local L3VNI:1000

IP address Next hop Outgoing interface NibID Flags
10.1.1.10 1.1.1.1 Vsi-interface3 0x18000001 -
10.1.1.20 2.2.2.2 Vsi-interface3 0x18000000 EA
1.1.1.1 Vsi-interface3 0x18000001 EA
# Verify that Switch C has equal-cost L2VPN MAC address entries for VM 2.
<SwitchC> display l2vpn mac-address
* - The output interface is issued to another VSI
MAC Address State VSI Name Link ID/Name Aging
0001-0001-0010 EVPN vpna Tunnel0 NotAging
0001-0001-0020 EVPN vpna Tunnel0 NotAging
Tunnel1 NotAging
0001-0001-0030 Dynamic vpna WGE1/0/1 Aging
0002-0001-0010 Dynamic vpnb WGE1/0/2 Aging
--- 4 mac address(es) found ---
# Verify that Switch C has EVPN MAC address entries for VM 2.
<SwitchC> display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
A - MAC-authentication P – Multiport/Multicast

VSI name: vpna

EVPN instance: -
MAC address Link ID/Name Flags Encap Next hop
0001-0001-0030 0 DL VXLAN -
0001-0001-0010 Tunnel0 B VXLAN 1.1.1.1
0001-0001-0020 Tunnel0 B VXLAN 1.1.1.1
Tunnel1 B VXLAN 2.2.2.2

VSI name: vpnb

EVPN instance: -
MAC address Link ID/Name Flags Encap Next hop
0002-0001-0010 0 DL VXLAN -
# Verify that Switch C has information about local and remote ESs.
<SwitchC> display evpn es local
Redundancy mode: A - All active, S - Single active

VSI name : vpna

EVPN instance: -
ESI Tag ID DF address Mode State ESI label
0000.0000.0000.0000.0002 - 2.2.2.2 A Up -
<SwitchC> display evpn es remote

124
 Control Flags: P – Primary, B – Backup, C - Control word
VSI name : vpna
EVPN instance: -
ESI : 0000.0000.0000.0000.0001
A-D per ES routes :
Peer IP Remote Redundancy mode
1.1.1.1 All active
2.2.2.2 All active
A-D per EVI routes :
Tag ID Peer IP
- 1.1.1.1
- 2.2.2.2

ESI : 0000.0000.0000.0000.0002
Ethernet segment routes :
2.2.2.2
A-D per ES routes :
Peer IP Remote Redundancy mode
2.2.2.2 All active
A-D per EVI routes :
Tag ID Peer IP
- 2.2.2.2
2. Verify that the VMs can communicate with one another. (Details not shown.)

125
Contents
Configuring EVPN-DCI ········································································· 1
About EVPN-DCI ······························································································································· 1
EVPN-DCI network model············································································································ 1
Working mechanisms ·················································································································· 1
EVPN-DCI dual-homing··············································································································· 1
EVPN-DCI M-LAG ······················································································································ 2
Restrictions and guidelines: EVPN-DCI configuration ·············································································· 3
EVPN-DCI tasks at a glance················································································································ 3
Prerequisites for EVPN-DCI ················································································································ 4
Enabling DCI····································································································································· 4
Configuring an ED to modify BGP EVPN routes ····················································································· 5
Enabling route nexthop replacement and route router MAC replacement ············································ 5
Enabling an ED to replace the L3 VXLAN ID, RD, and route targets of BGP EVPN routes ····················· 6
Suppressing BGP EVPN route advertisement ························································································ 7
Configuring V XLAN mapping··············································································································· 7
Configuring the BGP EVPN address family and the BGP VPNv4 or VPNv6 address family to exchange routes
··········································································································································································· 9
About route exchange ················································································································· 9
Enabling BGP VPNv4 or VPNv6 route advertisement for the BGP EVPN address family ······················· 9
Enabling BGP EVPN route advertisement for the BGP VPNv4 or VPNv6 address family ····················· 10
Configuring EVPN-DCI dual-homing ··································································································· 10
Configuring EVPN-DCI M-LAG ·········································································································· 11
Enabling EVPN-DCI support for cross-VXLAN Layer 2 multicast ····························································· 11
EVPN-DCI configuration examples ····································································································· 12
Example: Configuring a basic EVPN-DCI network·········································································· 12
Example: Configuring EVPN-DCI Layer 3 communication (IPv4 underlay network)····························· 18
Example: Configuring EVPN-DCI Layer 3 communication (IPv6 underlay network)····························· 24
Example: Configuring EVPN-DCI dual-homing ·············································································· 31
Example: Configuring EVPN-DCI M-LAG ····················································································· 41

i
Configuring EVPN-DCI
About EVPN-DCI
EVPN data center interconnect (EVP N-DCI) uses V XLA N-DCI t unnels to provide connectivity for
data centers over an IP transport network.

EVPN-DCI network model

As shown in Figure 1, the EVPN-DCI net work contains V TEPs and edge devices (EDs) located at
the edge of the transport network. A V XLA N tunnel is established between a VTEP and an ED, and
a VXLAN-DCI tunnel is established bet ween two EDs. VXLAN-DCI tunnels use V XLA N
encapsulation. Each E D de-encapsulates incoming V XLAN packets and re -encapsulates them
based on the destination before forwarding the packets through a VXLAN or VXLAN-DCI tunnel.
Figure 1 EVPN-DCI network model
Data center 1 Data center 2

VXLAN netw ork VXLAN netw ork

Core netw ork

VXLAN tunnel VXLAN-DCI tunnel VXLAN tunnel

VTEP ED ED VTEP

VM VM

Server Server

Working mechanisms
In an EVPN-DCI net work, BGP EVPN peer relationships are established between EDs and between
EDs and V TEPs. When advertising routes to a V TEP or another E D, an E D replac es the routes'
nexthop IP address and router MAC address with its IP address and router MAC address.
In an EVP N-DCI net work, a V TEP and an E D use a V XLA N tunnel to send traffic, and t wo E Ds use a
V XLA N-DCI tunnel to send traffic. An E D de-encapsulates incoming V XLA N packets and
re-encapsulates them before forwarding the packets through a VXLAN or VXLAN-DCI tunnel.

EVPN-DCI dual-homing
As shown in Figure 2, EVP N-DCI dual-homing allows you to deploy t wo E Ds at a data center for high
availability and load sharing. To virtualize the redundant E Ds into one device, a virtual E D address is
configured on them. The redundant EDs use the virtual ED address to establish tunnels with VTEPs
and remote EDs.

1
 Figure 2 EVPN-DCI dual-homing
RR RR RR RR
Spine Spine

ED 1 ED 3
DCI
network VTEP
VTEP
Data center 1 Data center 2

ED 2 ED 4

Site 1 Site 2

The redundant EDs use their respective IP addresses as the BGP peer addresses to establish BGP
EVPN neighbor relationships with V TEPs and remote EDs. The V TEPs and remot e E Ds send traffic
destined for the virtual ED address to both of the redundant EDs through the ECMP routes provided
by the underlay network.
The redundant E Ds communicat e with remote data centers through the transport network. Devices
in the dual-homed data center are unaware of the transport network. When the transport-side link
fails on one of the redundant EDs, traffic destined for remot e data cent ers is still sent to that ED. To
resolve this issue, Monitor Link is used together with EVPN-DCI dual-homing.
On each redundant ED, the transport-facing physical interface is associated with the following
loopback interfaces: The loopback interface that provides the IP address used for establishing BGP
EVPN neighbor relationships and the loopback interfac e that provides the virtual ED address. If the
transport-side link fails on a redundant ED, the loopback interfac es are placed in down state, and all
traffic is forwarded by the other redundant ED. For more information about Monitor Link, see High
Availability Configuration Guide.
For link redundancy, deploy multiple RRs on the spine nodes in a data center, and connect each
redundant ED to the transport network through multiple links.

EVPN-DCI M-LAG
IMPORTANT:
To us e this feature, make sure the site net work and the underlay network are both IP v4 networks or
both IPv6 networks.

As shown in Figure 3, you can use multichassis link aggregation (M -LA G) to virtualize two physical
EDs of a data center into a virtual E D to prevent single points of failure from interrupting traffic. For
more information about M-LAG, see Layer 2—LAN Switching Configuration Guide.

2
 Figure 3 EVPN-DCI M-LAG

VXLAN netw ork

VXLAN netw ork Core netw ork

EVPN-DCI M-LAG uses the following mechanisms:

• VM reachability information synchronization—To ensure VM reachability information
consistency in the M-LAG system, the member EDs synchronize MAC address entries and
ARP or ND information with each other over the peer link. The peer link can only be an Ethernet
aggregate link.
• Virtual ED address—The member EDs use a virtual ED address to set up VXLAN tunnels or
VXLAN-DCI tunnels with VTEPs or remote EDs.
• Independent BGP neighbor relationship establishment—The member EDs use different
BGP peer addresses to establish neighbor relationships with remote devices. For load sharing
and link redundancy, a neighbor sends traffic destined for the virtual ED address to both of the
member EDs through ECMP routes of the underlay network.
The member EDs in an M-LAG system communicate with remote data centers through the transport
network. Devices in the dual -homed data center are unaware of the transport network. When the
transport-side link fails on one of the member EDs, traffic destined for remote data centers is still sent
to that ED. To resolve this issue, Monitor Link is used together with EVPN-DCI M-LAG.
On each member ED, the transport-facing physical interface is associated with the following
loopback interfaces: The loopback interface that provides the IP address used for establishing BGP
EVPN neighbor relationships and the loopback interfac e that provides the virtual ED address. If the
transport-side link fails on a member ED, the loopback interfaces are placed in down state, and all
traffic is forwarded by the ot her member ED. For more information about Monitor Link, see High
Availability Configuration Guide.

Restrictions and guidelines: EVPN-DCI

configuration
On an E D, make s ure the VS I int erfaces configured with L3 V XLA N IDs us e the same MAC address.
To modify the MAC address of a VSI interface, use the mac-address command.

EVPN-DCI tasks at a glance

To configure EVPN-DCI, perform the following tasks on EDs:
1. Enabling DCI
2. Configuring an ED to modify BGP EVPN routes

3
 a. Enabling route nexthop replacement and route router MAC replacement
b. (Optional.) Enabling an ED to replace the L3 VXLAN ID, RD, and route targets of BGP
EVPN routes
Use this feature to enable communication between data centers that use different L3
VXLAN IDs or route targets or hide the L3 VXLAN ID of a data center.
3. (Optional.) Suppressing BGP EVPN route advertisement
To reduce the number of BGP EVPN routes on EDs of an EVPN-DCI network, suppress the
advertisement of specific BGP EVPN routes on the EDs.
4. (Optional.) Configuring VXLAN mapping
Perform this task to provide Layer 2 connectivity for a tenant subnet that uses different VXLAN
IDs in multiple data centers.
5. Configuring the BGP EVPN address family and the BGP VPNv4 or VPNv6 address family to
exchange routes
You must perform this task if data centers are interconnected through an MPLS L3VPN
network.
6. (Optional.) Configuring EVPN-DCI dual-homing
7. (Optional.) Configuring EVPN-DCI M-LAG
8. (Optional.) Enabling EVPN-DCI support for cross-VXLAN Layer 2 multicast

Prerequisites for EVPN-DCI

Before you configure EVPN-DCI, complete basic EVPN configuration for each data center. For more
information about basic EVPN configuration, see "Configuring EVPN VXLAN."

Enabling DCI
About this task
For EDs to automatically establish VXLAN-DCI tunnels, you must enable DCI on the Layer 3
interfaces that interconnect the EDs.
An ED establishes VXLAN-DCI tunnels based on BGP EVPN routes. If DCI is disabled on the
outgoing interfaces to remote sites, EDs cannot establish VXLAN-DCI tunnels.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
Subinterfaces of a DCI-enabled interface inherit configuration of the interface.
3. Enable DCI.
dci enable
By default, DCI is disabled on an interface.

4
Configuring an ED to modify BGP EVPN routes
Enabling route nexthop replacement and route router MAC
replacement
1. Enter system view.
system-view
2. Configure a global router ID.
router id router-id
By default, no global router ID is configured.
3. Enable a BGP instance and enter BGP instance view.
bgp as-number [ instance instance-name ]
By default, BGP is disabled, and no BGP instances exist.
4. Specify local VTEPs and remote EDs as BGP peers.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } as-number as-number
5. Create the BGP EVPN address family and enter BGP EVPN address family view.
address-family l2vpn evpn
6. Enable BGP to exchange BGP EVPN routes with a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } enable
By default, BGP does not exchange BGP EVPN routes with peers.
7. Set the local router as the next hop for routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } next-hop-local
The default settings for this command are as follows:
 BGP sets the local router as the next hop for all routes advertised to an EBGP peer or peer
group.
 BGP does not modify the next hop for EBGP routes advertised to an IBGP peer or peer
group.
The peers specified in this task must be VTEPs in the local data center.
8. Enable route router MAC replacement for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } router-mac-local [ dci ]
By default, the device does not modify the router MAC address of routes before advertising the
routes.
This command enables the device to use its router MAC address to replace the router MAC
address of routes received from and advertised to a peer or peer group.
The peers specified in this task must be remote EDs.
If you do not specify the dci keyword, whether the device establishes VXLAN-DCI tunnels with
the peer or peer group depends on the dci enable command configuration in interface view.

5
Enabling an ED to replace the L3 VXLAN ID, RD, and route
targets of BGP EVPN routes
About this task
In an EVPN-DCI net work, use this feature to hide the L3 V XLAN IDs of data centers or enable
communication between data centers that use different L3 VXLAN IDs or route targets.
After you enable this feature on an ED, the ED performs the following operations after receiving BGP
EVPN routes:
1. Matches the route targets of the routes with the import route targets of local VPN instances.
2. Replaces the L3 VXLAN ID, RD, and route targets of the routes with those of the matching local
VPN instance.
3. Advertises the routes to a VTEP or remote ED.
After you execute the peer re-originated command, the ED advertises only reoriginated BGP
EVPN routes. For the ED to advertise both original and reoriginated BGP EVPN routes, execute the
peer advertise original-route command.
An ED configured wit h the peer re-originated and peer advertise original-route
commands advertises both original and reoriginated BGP EVP N routes. For the ED to advertise only
original BGP EVPN routes, execute the peer suppress re-originated command on the ED.

Restrictions and guidelines

If the RD of a received BGP EVPN rout e is identical to the RD of the matching local VPN instance, an
ED does not replace the L3 V XLAN ID and route targets of the route or reoriginate the route. As a
result, the ED does not advertise the route. As a best practice, assign unique RDs to VPN instances
on different EVPN gateways and EDs when you use this feature.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Replace the L3 VXLAN ID, RD, and route targets (optional) of received BGP EVPN routes.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } re-originated [ imet | ip-prefix | mac-ip ]
[ replace-rt ]
By default, the device does not modify the BGP EVPN routes that are received from peers or
peer groups.
5. (Optional.) Enable the device to advertise original BGP EVPN routes together with the
reoriginated BGP EVPN routes after the peer re-originated command is executed.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } advertise original-route
By default, the device advertises only reoriginated BGP EVPN routes to peers and peer groups
after the peer re-originated command is executed.
6. (Optional.) Suppress advertisement of reoriginated BGP EVPN routes to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } suppress re-originated { imet | ip-prefix | mac-ip }

6
 By default, the device advertises reoriginated BGP EVPN routes to peers and peer groups after
the peer re-originated command is executed.

Suppressing BGP EVPN route advertisement

About this task
To reduce the number of BGP EVPN routes on E Ds of an EVPN -DCI net work, suppress the
advertisement of specific BGP EVPN routes on the EDs.
Restrictions and guidelines
If two VS I interfaces on EVPN gat eways of different data centers use t he same IP address, do not
suppress the advertisement of MAC/ IP advertisement rout es on the EDs of the data centers. If you
suppress the advertisement of these routes, the EDs cannot communicate with each other.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Suppress the advertisement of specific BGP EVPN routes to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } advertise evpn-route suppress { ip-prefix | mac-ip }
By default, advertisement of BGP EVPN routes is not suppressed.

Configuring VXLAN mapping

About this task
The V XLAN mapping feat ure provides Layer 2 connectivity for a tenant subnet that uses different
VXLAN IDs in multiple data centers.
If you map a local VXLAN to a remote VXLAN on an ED, the ED processes routes as follows:
• When the ED receives the local VXLAN's MAC/IP advertisement routes from local VTEPs, it
performs the following operations:
 Adds the routes to the local VXLAN.
 Replaces the VXLAN ID of the routes with the remote VXLAN ID and advertises the routes
to remote EDs.
• When the ED receives the remote VXLAN's MAC/IP advertisement routes from a remote data
center, it adds the routes to the local VXLAN.
VXLAN mapping includes the following types:
• Non-intermediate VXLAN mapping—When two data centers use different VXLAN IDs for a
subnet, map the local VXLAN to the remote VXLAN on the ED of one data center. For example,
for VXLAN 10 of data center 1 to communicate with VXLAN 20 of data center 2, map VXLAN 10
to VXLAN 20 on the ED of data center 1.
• Intermediate VXLAN mapping—When multiple data centers use different VXLAN IDs for a
subnet, map the VXLANs to an intermediate VXLAN on all EDs. For example, data center 1
uses VXLAN 10, data center 2 uses VXLAN 20, and data center 3 uses VXLAN 30. To provide
connectivity for the VXLANs, map them to intermediate VXLAN 500 on EDs of the data centers.

7
 You must use intermediate V XLAN mapping if more t han two dat a centers use different V XLA N
IDs. The intermediate V XLA N can be used only for V XLA N mapping, and it cannot be used for
common VXLAN services.
If only Layer 2 connectivity is required between data centers with V XLA N mapping configured, you
can enable E Ds of the data centers to remove the route targets of the VPN instances with L3 V XLA N
IDs associated from BGP EVPN routes for mapped remote V XLA Ns. This prevents remote EDs from
adding the BGP EVPN routes for mapped remote VXLANs to the routing tables of VPN instances.
If the peer re-originated and mapping vni c ommands are used together on an ED, the ED
advertises both original and reoriginated BGP EVP N routes that carry different V XLA N IDs. To avoid
forwarding failure, us e the mapping-vni remove vpn-target command to remove the route
targets of VPN instances from the original BGP EVPN routes. This allows remote EDs to add only
the reoriginated BGP EVPN routes to the routing tables of VPN instances.
Restrictions and guidelines
You must create mapped remote V XLANs on the device, creat e an EVPN instanc e for each remot e
VXLAN, and configure RD and route target settings for the EVPN instances.
When you use VXLAN mapping, follow these route target restrictions:
• EVPN instances and EVPN address family of VPN instances do not have the same export
targets.
• EVPN instances and EVPN address family of the public instance do not have the same export
targets.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter EVPN instance view.
evpn encapsulation vxlan
4. Map the local VXLAN to a remote VXLAN.
mapping vni vxlan-id
By default, a local VXLAN is not mapped to any remote VXLAN.
The remote VXLAN ID cannot be the reserved VXLAN ID specified by using the reserved
vxlan command or the L3 VXLAN ID specified by using the l3-vni command. For more
information about the reserved vxlan command, see VXLAN Command Reference.
5. (Optional.) Remove the route targets of VPN instances from BGP EVPN routes for mapped
remote VXLANs.
a. Execute the following commands in sequence to return to system view.
quit
quit
b. Enter BGP instance view.
bgp as-number [ instance instance-name ]
c. Enter BGP EVPN address family view.
address-family l2vpn evpn
d. Remove the route targets of VPN instances from BGP EVPN routes for mapped remote
VXLANs.
mapping-vni remove vpn-target
By default, the device does not remove the route targets of VPN instances from BGP EVPN
routes for mapped remote VXLANs.

8
Configuring the BGP EVPN address family and
the BGP VPNv4 or VPNv6 address family to
exchange routes
About route exchange
When dat a centers are interconnected through an MPLS L3VPN network, EVPN EDs also act as
MPLS L3VPN PEs. To enable communic ation between the data centers, you must perform the
following tasks on the EDs:
• Configure both MPLS L3VPN and EVPN.
• Configure the BGP EVPN address family and the BGP VPNv4 or VPNv6 address family to
exchange routes.
Figure 4 Data centers interconnected through an MPLS L3VPN network

Data center 1 Data center 2

VXLAN netw ork VXLAN netw ork

MPLS netw ork

VXLAN tunnel VXLAN-DCI tunnel VXLAN tunnel

VTEP ED ED VTEP

VM VM

Server Server

Enabling BGP VPNv4 or VPNv6 route advertisement for the

BGP EVPN address family
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable BGP VPNv4 or VPNv6 route advertisement for the BGP EVPN address family.
advertise l3vpn route [ replace-rt ][ advertise-policy policy-name ]
By default, BGP VPNv4 or VPNv6 routes are not advertised through the BGP EVPN address
family.
After you execute this command, the device advertises BGP VPNv4 or VPNv6 routes as IP
prefix advertisement routes through the BGP EVPN address family.

9
Enabling BGP EVPN route advertisement for the BGP
VPNv4 or VPNv6 address family
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP VPNv4 address family view or BGP VPNv6 address family view.
address-family { vpnv4 | vpnv6 }
4. Enable BGP EVPN route advertisement for the BGP VPNv4 or VPNv6 address family.
advertise evpn route [ replace-rt ][ advertise-policy policy-name ]
By default, BGP EVPN routes are not advertised through the BGP VPNv4 or VPNv6 address
family.
After you execute this command, the device advertises IP prefix advertisement routes and
MAC/IP advertisement routes that contain host route information through the BGP VPNv4 or
VPNv6 address family.

Configuring EVPN-DCI dual-homing

About this task
For high availability and load sharing, you can deploy two E Ds at a dat a center. To virtualize the
redundant EDs into one device, you must configure the same virtual ED address on them.
Restrictions and guidelines
Do not configure a virtual ED address on the only ED of a data center.
On a redundant ED, the virtual ED address must be the IP address of a loopback interface, and it
cannot be the BGP peer IP address of the ED.
Redundant EDs cannot provide access service for local VMs. They can act only as EDs. For correct
communication, do not redistribute external routes on only one of the redundant EDs. However, you
can redistribute the same external routes on both EDs.
EVPN-DCI dual-homing is mutually exclusive with EVPN distributed relay. Do not use the evpn
edge group and evpn m-lag group commands together.
To use EVP N-DCI dual-homing, make sure the overlay and undelay networks are both IP v4
networks or both IPv6 networks.
If you execute the undo bgp command to disable the BGP instance of the EVPN address family, the
evpn edge group setting will also be delet ed. Make sure you are fully aware of the impact of the
undo bgp command when you use it on a live network.
Procedure
1. Enter system view.
system-view
2. Configure a virtual ED address.
evpn edge group group-ipv4
By default, no virtual ED address is configured.

10
Configuring EVPN-DCI M-LAG
About this task
To set up an M -LAG system with two E Ds, configure a virtual V TEP address on the E Ds. The E Ds
will use the virtual V TEP address to set up V XLA N tunnels or V XLAN -DCI tunnels with VTEPs or
remote EDs.
Restrictions and guidelines
Do not execute the evpn m-lag local command if you have configured EVPN-DCI M-LAG.
When you attach a user site to an M-LAG system, attach it to both M-LAG interfaces in an M-LAG
group. Do not configure single-homed ACs on the member EDs.
Procedure
1. Enter system view.
system-view
2. Specify the virtual VTEP address.
evpn m-lag group { virtual-vtep-ipv4 | virtual-vtep-ipv6 }
By default, EVPN-DCI M-LAG is not configured.
3. Enter BGP instance view.
bgp as-number [ instance instance-name ]
4. Enter BGP EVPN address family view.
address-family l2vpn evpn
5. Enable the device to replace the next hop in advertised BGP EVPN routes with the virtual VTEP
address.
nexthop evpn-m-lag group-address
The default settings are as follows:
 When advertising BGP EVPN routes to an EBGP peer or peer group, the device replaces
the next hop with the IP address of the source interface used to establish BGP sessions.
 When advertising EBGP routes to an IBGP peer or peer group, the device does not modify
the next hop.

Enabling EVPN-DCI support for cross-VXLAN

Layer 2 multicast
About this task
This task enables Layer 2 multicast between two data centers that use different VXLAN IDs.
After you perform this task and execute the mapping vni command on an ED in an EVPN-DCI
network, the ED performs the following operations:
1. Verifies that the route targets in a SMET route received from a remote ED or local VTEP match
the import route targets of the local EVPN instance.
2. Replaces the route targets in the SMET route with those of the EVPN instance that uses the
remote VXLAN ID mapped to the local VXLAN ID.
3. Advertises the SMET route to remote EDs or local VTEPs.
Restrictions and guidelines
This task takes effect only after the mapping vni command is executed.

11
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter EVPN instance view.
evpn encapsulation vxlan
4. Enable SMET route reorigination based on the remote VXLAN IDs in VXLAN mappings.
mapping-vni-based smet
By default, the device does not reoriginate SMET routes based on mapped remote VXLAN IDs.

EVPN-DCI configuration examples

Example: Configuring a basic EVPN-DCI network
Network configuration
As shown in Figure 5:
• Configure VXLAN 10 on Switch A through Switch D to provide connectivity for the VMs in the
data centers.
• Configure Switch A and Switch D as VTEPs, and configure Switch B and Switch C as EDs.

NOTE:
This example provides configuration of IPv4 sites over an IPv4 underlay network. The
configuration procedure does not differ between IPv4 and IPv6 sites or underlay networks.

Figure 5 Network diagram

Loop0 Loop0
Data center 1 2.2.2.2/32 3.3.3.3/32 Data center 2
Sw itch B Sw itch C

Vlan-int11 HGE1/0/1 HGE1/0/1 Vlan-int13

11.1.1.4/24 12.1.1.4/24 12.1.1.3/24 13.1.1.3/24

Vlan-int11 Vlan-int13
Loop0 11.1.1.1/24 13.1.1.4/24 Loop0
1.1.1.1/32 4.4.4.4/32

Sw itch A HGE1/0/1 HGE1/0/1 Sw itch D

V V
M M
1 2

10.1.1.11 10.1.1.22

Server 1 Server 2

Procedure

1. Configure IP addresses and unicast routing settings:

12
 # Assign IP addresses to interfaces, as shown in Figure 5. (Details not shown.)
# Configure OSPF on the transport network for the switches to reach one another. (Details not
shown.)
2. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable

# Disable remote MAC address learning.

[SwitchA] vxlan tunnel mac-learning disable
# Create VXLAN 10 on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD,
and manually configure a route target for the EVPN instance.
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target 123:456
[SwitchA-vsi-vpna-evpn-vxlan] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 2.2.2.2 as-number 100
[SwitchA-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 100
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 100
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
3. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning.
[SwitchB] vxlan tunnel mac-learning disable
# Enable DCI on the Layer 3 interface that connects Switch B to Switch C for the switches to
establish a VXLAN-DCI tunnel.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] dci enable
[SwitchB-Twenty-FiveGigE1/0/1] quit

13
 # Create VXLAN 10 on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD,
and manually configure a route target for the EVPN instance.
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target 123:456
[SwitchB-vsi-vpna-evpn-vxlan] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch A, and enable router MAC replacement for routes advertised t o and
received from Switch C.
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchB-bgp-default] peer 1.1.1.1 as-number 100
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
4. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning.
[SwitchC] vxlan tunnel mac-learning disable
# Enable DCI on the Layer 3 interface that connects Switch C to Switch B for the switches to
establish a VXLAN-DCI tunnel.
[SwitchC] interface twenty-fivegige 1/0/1
[SwitchC-Twenty-FiveGigE1/0/1] dci enable
[SwitchC-Twenty-FiveGigE1/0/1] quit
# Create VXLAN 10 on VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD,
and manually configure a route target for the EVPN instance.
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target 123:456
[SwitchC-vsi-vpna-evpn-vxlan] quit
[SwitchC-vsi-vpna] quit

14
 # Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch D, and enable router MAC replacement for routes advertised to and
received from Switch B.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 2.2.2.2 as-number 100
[SwitchC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchC-bgp-default-evpn] peer 2.2.2.2 router-mac-local
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
5. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable

# Disable remote MAC address learning.

[SwitchD] vxlan tunnel mac-learning disable
# Create VXLAN 10 on VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
# Creat e an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD,
and manually configure a route target for the EVPN instance.
[SwitchD-vsi-vpna] evpn encapsulation vxlan
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target 123:456
[SwitchD-vsi-vpna-evpn-vxlan] quit
[SwitchD-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface Loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 200.
[SwitchD] interface twenty-fivegige 1/0/1
[SwitchD-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchD-Twenty-FiveGigE1/0/1] port trunk permit vlan 200
[SwitchD-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchD-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 200
# Map Ethernet service instance 1000 to VSI vpna.

15
 [SwitchD-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Twenty-FiveGigE1/0/1-srv1000] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Switch B.)
# Verify that the ED has discovered Switch A and Switch C through IMET routes and has
established VXLAN and VXLAN-DCI tunnels to the switches.
[SwitchB] display evpn auto-discovery imet
Total number of automatically discovered peers: 2

VSI name: vpna

RD PE_address Tunnel_address Tunnel mode VXLAN ID
1:10 1.1.1.1 1.1.1.1 VXLAN 10
1:10 3.3.3.3 3.3.3.3 VXLAN-DCI 10
# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.
[SwitchB] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN-DCI/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the VXLAN and VXLAN-DCI tunnels have been assigned to the VXLAN.
[SwitchB] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0

16
 VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled

VSI Name: vpnb

VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 500
# Verify that the ED has generated EVPN MAC address entries for the VMs.
[SwitchB] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

VSI name: vpna

MAC address Link ID/Name Flags Next hop
0001-0001-0011 Tunnel0 B 1.1.1.1
0001-0001-0033 Tunnel1 B 3.3.3.3

2. Verify that VM 1 and VM 2 can communicate. (Details not shown.)

17
Example: Configuring EVPN-DCI Layer 3 communication
(IPv4 underlay network)
Network configuration
As shown in Figure 6:
• Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.
• Configure Switch A and Switch D as distributed EVPN gateways to perform Layer 3 forwarding
between VXLAN 10 and VXLAN 20.
• Configure Switch B and Switch C as EDs.

NOTE:
This example provides configuration of IPv4 sites. The configuration procedure does not differ
between IPv4 and IPv6 sites.

Figure 6 Network diagram

Loop0 Loop0
Data center 1 2.2.2.2/32 3.3.3.3/32 Data center 2
Sw itch B Sw itch C

Vlan-int11 HGE1/0/1 HGE1/0/1 Vlan-int13

11.1.1.4/24 12.1.1.4/24 12.1.1.3/24 13.1.1.3/24

VSI-int1 VSI-int1
10.1.1.1/24 10.1.2.1/24
Vlan-int11 Vlan-int13
Loop0 11.1.1.1/24 13.1.1.4/24 Loop0
1.1.1.1/32 4.4.4.4/32
Sw itch A HGE1/0/1 HGE1/0/1 Sw itch D

V V
M M
1 2

10.1.1.11 10.1.2.22

Server 1 Server 2

Procedure
1. Set the VXLAN hardware resource mode on Switches A through D and reboot the switches.
This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

2. Configure IP addresses and unicast routing settings:

18
 # On VM 1, specify 10.1.1.1 as the gateway address. On VM 2, specify 10.1.2.1 as the gateway
address. (Details not shown.)
# Assign IP addresses to interfaces, as shown in Figure 6. (Details not shown.)
# Configure OSPF on the transport network for the switches to reach one another. (Details not
shown.)
3. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create VXLAN 10 on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 2.2.2.2 as-number 100
[SwitchA-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 100
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 100
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] address-family ipv4
[SwitchA-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchA-vpn-ipv4-vpn1] quit
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 1:1

19
 [SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
4. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch B to Switch C for the switches to
establish a VXLAN-DCI tunnel.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] dci enable
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch A, and enable router MAC replacement for routes advertised t o and
received from Switch C.
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchB-bgp-default] peer 1.1.1.1 as-number 100
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.

20
 [SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] address-family ipv4
[SwitchB-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchB-vpn-ipv4-vpn1] quit
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 1:1
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] quit
5. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch C to Switch B for the switches to
establish a VXLAN-DCI tunnel.
[SwitchC] interface twenty-fivegige 1/0/1
[SwitchC-Twenty-FiveGigE1/0/1] dci enable
[SwitchC-Twenty-FiveGigE1/0/1] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch D, and enable router MAC replacement for routes advertised to and
received from Switch B.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 2.2.2.2 as-number 100
[SwitchC-bgp-default] peer 2.2.2.2 connect-interface Loopback 0
[SwitchC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface Loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchC-bgp-default-evpn] peer 2.2.2.2 router-mac-local
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchC-vpn-instance-vpn1] address-family ipv4
[SwitchC-vpn-ipv4-vpn1] vpn-target 2:2

21
 [SwitchC-vpn-ipv4-vpn1] quit
[SwitchC-vpn-instance-vpn1] address-family evpn
[SwitchC-vpn-evpn-vpn1] vpn-target 1:1
[SwitchC-vpn-evpn-vpn1] quit
[SwitchC-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] quit
6. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpnb. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20 on VSI vpnb.

[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface Loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 3000 to match VLAN 3.
[SwitchD] interface twenty-fivegige 1/0/1
[SwitchD-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchD-Twenty-FiveGigE1/0/1] port trunk permit vlan 3
[SwitchD-Twenty-FiveGigE1/0/1] service-instance 3000
[SwitchD-Twenty-FiveGigE1/0/1-srv3000] encapsulation s-vid 3

# Map Ethernet service instance 3000 to VSI vpnb.

[SwitchD-Twenty-FiveGigE1/0/1-srv3000] xconnect vsi vpnb
[SwitchD-Twenty-FiveGigE1/0/1-srv3000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchD] ip vpn-instance vpn1

22
 [SwitchD-vpn-instance-vpn1] route-distinguisher 1:4
[SwitchD-vpn-instance-vpn1] address-family ipv4
[SwitchD-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchD-vpn-ipv4-vpn1] quit
[SwitchD-vpn-instance-vpn1] address-family evpn
[SwitchD-vpn-evpn-vpn1] vpn-target 1:1
[SwitchD-vpn-evpn-vpn1] quit
[SwitchD-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-2-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnb.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] gateway vsi-interface 1
[SwitchD-vsi-vpnb] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Switch B.)
# Verify that the ED has discovered Switch A and Switch C through MAC/IP advertisement
routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI
tunnels to the switches.
[SwitchB] display evpn auto-discovery macip-prefix
Destination IP Source IP L3VNI Tunnel mode OutgoingInterface
1.1.1.1 2.2.2.2 1000 VXLAN Vsi-interface2
3.3.3.3 2.2.2.2 1000 VXLAN-DCI Vsi-interface2
# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.
[SwitchB] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

23
 Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN-DCI/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the ED has routes for the VMs.
[SwitchB] display ip routing-table vpn-instance vpn1
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 BGP 255 0 1.1.1.1 Vsi2
10.1.1.11/32 BGP 255 0 1.1.1.1 Vsi2
10.1.2.0/24 BGP 255 0 3.3.3.3 Vsi2
10.1.2.22/32 BGP 255 0 3.3.3.3 Vsi2
2. Verify that VM 1 and VM 2 can communicate. (Details not shown.)

Example: Configuring EVPN-DCI Layer 3 communication

(IPv6 underlay network)
Network configuration
As shown in Figure 7:
• Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.
• Configure Switch A and Switch D as distributed EVPN gateways to perform Layer 3 forwarding
between VXLAN 10 and VXLAN 20.
• Configure Switch B and Switch C as EDs.

NOTE:
This example provides configuration of IPv6 sites. The configuration procedure does not differ
between IPv4 and IPv6 sites.

24
 Figure 7 Network diagram

Loop0 Loop0
Data center 1 2.2.2.2/32 3.3.3.3/32 Data center 2
Sw itch B Sw itch C

Vlan-int11 Vlan-int12 Vlan-int12 Vlan-int13

11.1.1.4/24 12.1.1.4/24 12.1.1.3/24 13.1.1.3/24

VSI-int1 VSI-int1
11::1/64 12::1/64
Vlan-int11 Vlan-int13
Loop0 11.1.1.1/24 13.1.1.4/24 Loop0
1.1.1.1/32 4.4.4.4/32
Sw itch A WGE1/0/1 WGE1/0/1 Sw itch D

V V
M M
1 2

11::7/64 12::8/64
Server 1 Server 2

Procedure

1. Configure IPv6 addresses and unicast routing settings:

# On VM 1, specify 10::1 as the gateway address. On VM 2, specify 20::1 as the gateway
address. (Details not shown.)
# Assign IPv6 addresses to interfaces, as shown in Figure 7. (Details not shown.)
# Configure OSPFv3 on the transport network for the switches to reach one another. (Details
not shown.)
2. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel nd-learning disable
# Create VXLAN 10 on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] router-id 1.1.1.1
[SwitchA-bgp-default] peer 2::2 as-number 100

25
 [SwitchA-bgp-default] peer 2::2 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 2::2 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 100
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] address-family ipv6
[SwitchA-vpn-ipv6-vpn1] vpn-target 2:2
[SwitchA-vpn-ipv6-vpn1] quit
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 1:1
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ipv6 address 10::1 64
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] ipv6 address auto link-local
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
3. Configure Switch B:
# Enable L2VPN.
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel nd-learning disable
# Enable DCI on the Layer 3 interface that connects Switch B to Switch C for the switches to
establish a VXLAN-DCI tunnel.

26
 [SwitchB] interface vlan-interface 12
[SwitchB-Vlan-interface12] dci enable
[SwitchB-Vlan-interface12] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch A, and enable router MAC replacement for routes advertised t o and
received from Switch C.
[SwitchB] bgp 100
[SwitchB-bgp-default] router-id 2.2.2.2
[SwitchB-bgp-default] peer 3::3 as-number 200
[SwitchB-bgp-default] peer 3::3 connect-interface loopback 0
[SwitchB-bgp-default] peer 3::3 ebgp-max-hop 64
[SwitchB-bgp-default] peer 1::1 as-number 100
[SwitchB-bgp-default] peer 1::1 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3::3 enable
[SwitchB-bgp-default-evpn] peer 3::3 router-mac-local
[SwitchB-bgp-default-evpn] peer 1::1 enable
[SwitchB-bgp-default-evpn] peer 1::1 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] address-family ipv6
[SwitchB-vpn-ipv6-vpn1] vpn-target 2:2
[SwitchB-vpn-ipv6-vpn1] quit
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 1:1
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] ipv6 address auto link-local
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] quit
4. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel nd-learning disable
# Enable DCI on the Layer 3 interface that connects Switch C to Switch B for the switches to
establish a VXLAN-DCI tunnel.
[SwitchC] interface vlan-interface 12
[SwitchC-Vlan-interface12] dci enable

27
 [SwitchC-Vlan-interface12] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch D, and enable router MAC replacement for routes advertised to and
received from Switch B.
[SwitchC] bgp 200
[SwitchC-bgp-default] router-id 3.3.3.3
[SwitchC-bgp-default] peer 2::2 as-number 100
[SwitchC-bgp-default] peer 2::2 connect-interface Loopback 0
[SwitchC-bgp-default] peer 2::2 ebgp-max-hop 64
[SwitchC-bgp-default] peer 4::4 as-number 200
[SwitchC-bgp-default] peer 4::4 connect-interface Loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 2::2 enable
[SwitchC-bgp-default-evpn] peer 2::2 router-mac-local
[SwitchC-bgp-default-evpn] peer 4::4 enable
[SwitchC-bgp-default-evpn] peer 4::4 next-hop-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchC-vpn-instance-vpn1] address-family ipv6
[SwitchC-vpn-ipv6-vpn1] vpn-target 2:2
[SwitchC-vpn-ipv6-vpn1] quit
[SwitchC-vpn-instance-vpn1] address-family evpn
[SwitchC-vpn-evpn-vpn1] vpn-target 1:1
[SwitchC-vpn-evpn-vpn1] quit
[SwitchC-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] ipv6 address auto link-local
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] quit
5. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel nd-learning disable
# Create an EVP N instance on VS I vpnb. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto

28
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20 on VSI vpnb.
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] router-id 4.4.4.4
[SwitchD-bgp-default] peer 3::3 as-number 200
[SwitchD-bgp-default] peer 3::3 connect-interface Loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3::3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 3000 to match VLAN 3.
[SwitchD] interface twenty-fivegige 1/0/1
[SwitchD-Twenty-FiveGigE1/0/1] service-instance 3000
[SwitchD-Twenty-FiveGigE1/0/1-srv3000] encapsulation s-vid 3
# Map Ethernet service instance 3000 to VSI vpnb.
[SwitchD-Twenty-FiveGigE1/0/1-srv3000] xconnect vsi vpnb
[SwitchD-Twenty-FiveGigE1/0/1-srv3000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 1:4
[SwitchD-vpn-instance-vpn1] address-family ipv6
[SwitchD-vpn-ipv6-vpn1] vpn-target 2:2
[SwitchD-vpn-ipv6-vpn1] quit
[SwitchD-vpn-instance-vpn1] address-family evpn
[SwitchD-vpn-evpn-vpn1] vpn-target 1:1
[SwitchD-vpn-evpn-vpn1] quit
[SwitchD-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] ipv6 address 20::1 64
[SwitchD-Vsi-interface1] mac-address 1-2-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] ipv6 address auto link-local
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnb.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] gateway vsi-interface 1

29
 [SwitchD-vsi-vpnb] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Switch B.)
# Verify that the ED has discovered Switch A and Switch C through MAC/IP advertisement
routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI
tunnels to the switches.
[SwitchB] display evpn ipv6 auto-discovery macip-prefix
Destination IP : 1::1
Source IP : 2::2
L3VNI : 1000
Tunnel mode : VXLAN
OutInterface : Vsi-interface2

Destination IP : 3::3
Source IP : 2::2
L3VNI : 1000
Tunnel mode : VXLAN-DCI
OutInterface : Vsi-interface2
# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.
[SwitchB] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 2::2, destination 1::1
Tunnel protocol/transport UDP_VXLAN/IPv6
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 2::2, destination 3::3
Tunnel protocol/transport UDP_VXLAN-DCI/IPv6
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops

30
 Output: 0 packets, 0 bytes, 0 drops
# Verify that the ED has routes for the VMs.
[SwitchB] display ipv6 routing-table vpn-instance vpn1

Destinations : 7 Routes : 7

Destination: ::1/128 Protocol : Direct

NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 10::/64 Protocol : BGP4+

NextHop : 1::1 Preference: 255
Interface : Vsi2 Cost : 0

Destination: 10::11/128 Protocol : BGP4+

NextHop : 1::1 Preference: 255
Interface : Vsi2 Cost : 0

Destination: 20::/64 Protocol : BGP4+

NextHop : 3::3 Preference: 255
Interface : Vsi2 Cost : 0

Destination: 20::22/128 Protocol : BGP4+

NextHop : 3::3 Preference: 255
Interface : Vsi2 Cost : 0

Destination: FE80::/10 Protocol : Direct

NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0

Destination: FF00::/8 Protocol : Direct

NextHop : :: Preference: 0
Interface : NULL0
2. Verify that VM 1 and VM 2 can communicate. (Details not shown.)

Example: Configuring EVPN-DCI dual-homing

Network configuration
As shown in Figure 8:
• Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.
• Configure Switch A and Switch G as distributed EVPN gateways to perform Layer 3 forwarding
between VXLAN 10 and VXLAN 20.
• Configure Switch C and Switch D as EDs of data center 1, and configure Switch F as the ED of
data center 2.
• Configure Switch B as an RR.

31
 NOTE:
This example provides configuration of IPv4 sites over an IPv4 underlay network. The
configuration procedure does not differ between IPv4 and IPv6 sites or underlay networks.

Figure 8 Network diagram

Loop0 Loop0
Data center 1 2.2.2.2/32 6.6.6.6/32 Data center 2
Sw itch B Vlan-int11
11.1.1.2/24
WGE1/0/1
Vlan-int10 Vlan-int11 Vlan-int13 Vlan-int15 Vlan-int16
10.1.1.2/24 11.1.1.3/24 13.1.1.3/24 15.1.1.6/24 16.1.1.6/24
Vlan-int12 Sw itch C Loop0 Sw itch F
VSI-int1 12.1.1.2/24 5.5.5.5/32
100.1.1.1/24 VSI-int1
Vlan-int13 Vlan-int15 100.1.2.1/24
Vlan-int10 13.1.1.5/24 Vlan-int16
Loop0 10.1.1.1/24 15.1.1.5/24
1.1.1.1/32 16.1.1.7/24 Loop0
Loop0 Sw itch E
4.4.4.4/32 7.7.7.7/32
Sw itch A WGE1/0/1 Vlan-int14
Vlan-int12 14.1.1.5/24
12.1.1.4/24
WGE1/0/1 Sw itch G
WGE1/0/1
Vlan-int14
V
14.1.1.4/24 V
M Sw itch D
M
1
2
100.1.1.10
100.1.2.20
Server 1
Server 2

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch C, Switch D, Switch F, and
Switch G, and reboot the switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. Configure IP addresses and unicast routing settings:
# On VM 1, specify 100.1.1.1 as the gateway address. On VM 2, specify 100.1.2.1 as the
gateway address. (Details not shown.)
# Assign IP addresses to the interfaces, as shown in Figure 8. (Details not shown.)
# Configure OSPF for the switches to reach one another. (Details not shown.)
3. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable

32
[SwitchA] vxlan tunnel arp-learning disable
# Create VXLAN 10 on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 2.2.2.2 as-number 100
[SwitchA-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 100
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 100
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] address-family ipv4
[SwitchA-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchA-vpn-ipv4-vpn1] quit
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 1:1
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.

33
 [SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
4. Configure Switch B as an RR.
<SwitchB> system-view
[SwitchB] bgp 100
[SwitchB-bgp-default] group evpn internal
[SwitchB-bgp-default] peer evpn connect-interface loopback 0
[SwitchB-bgp-default] peer 1.1.1.1 group evpn
[SwitchB-bgp-default] peer 3.3.3.3 group evpn
[SwitchB-bgp-default] peer 4.4.4.4 group evpn
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] undo policy vpn-target
[SwitchB-bgp-default-evpn] peer evpn enable
[SwitchB-bgp-default-evpn] peer evpn reflect-client
[SwitchB-bgp-default-evpn] quit

5. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch C to Switch E for automatic
VXLAN-DCI tunnel establishment.
[SwitchC] interface twenty-fivegige 1/0/1
[SwitchC-Twenty-FiveGigE1/0/1] dci enable
[SwitchC-Twenty-FiveGigE1/0/1] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch B, and enable router MAC replacement for routes advertised t o and
received from Switch F.
[SwitchC] bgp 100
[SwitchC-bgp-default] peer 6.6.6.6 as-number 200
[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchC-bgp-default] peer 6.6.6.6 ebgp-max-hop 64
[SwitchC-bgp-default] peer 2.2.2.2 as-number 100
[SwitchC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchC-bgp-default-evpn] peer 6.6.6.6 router-mac-local
[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchC-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchC-bgp-default-evpn] quit

34
 [SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchC-vpn-instance-vpn1] address-family ipv4
[SwitchC-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchC-vpn-ipv4-vpn1] quit
[SwitchC-vpn-instance-vpn1] address-family evpn
[SwitchC-vpn-evpn-vpn1] vpn-target 1:1
[SwitchC-vpn-evpn-vpn1] quit
[SwitchC-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] mac-address 1-2-3
[SwitchC-Vsi-interface2] quit
# Configure 1.2.3.4 as the virtual ED address, and assign the IP address to Loopback 2.
Configure OSPF to advertise the virtual ED address.
[SwitchC] evpn edge group 1.2.3.4
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip address 1.2.3.4 32
[SwitchC-LoopBack2] quit
[SwitchC] ospf
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Configure monitor link group 1 to associate Twenty-FiveGigE 1/0/1 with Loopback 0 and
Loopback 2. Set the switchover delay for the downlink interface to 90 seconds.
[SwitchC] undo monitor-link disable
[SwitchC] monitor-link group 1
[SwitchC-mtlk-group1] port twenty-fivegige 1/0/1 uplink
[SwitchC-mtlk-group1] port loopback 0 downlink
[SwitchC-mtlk-group1] port loopback 2 downlink
[SwitchC-mtlk-group1] downlink up-delay 90
[SwitchC-mtlk-group1] quit
6. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch D to Switch E for automatic
VXLAN-DCI tunnel establishment.
[SwitchD] interface twenty-fivegige 1/0/1

35
[SwitchD-Twenty-FiveGigE1/0/1] dci enable
[SwitchD-Twenty-FiveGigE1/0/1] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch B, and enable router MAC replacement for routes advertised t o and
received from Switch F.
[SwitchD] bgp 100
[SwitchD-bgp-default] peer 6.6.6.6 as-number 200
[SwitchD-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchD-bgp-default] peer 6.6.6.6 ebgp-max-hop 64
[SwitchD-bgp-default] peer 2.2.2.2 as-number 100
[SwitchD-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchD-bgp-default-evpn] peer 6.6.6.6 router-mac-local
[SwitchD-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchD-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchD-vpn-instance-vpn1] address-family ipv4
[SwitchD-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchD-vpn-ipv4-vpn1] quit
[SwitchD-vpn-instance-vpn1] address-family evpn
[SwitchD-vpn-evpn-vpn1] vpn-target 1:1
[SwitchD-vpn-evpn-vpn1] quit
[SwitchD-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] mac-address 1-2-3
[SwitchD-Vsi-interface2] quit
# Configure 1.2.3.4 as the virtual ED address, and assign the IP address to Loopback 2.
Configure OSPF to advertise the virtual ED address.
[SwitchD] evpn edge group 1.2.3.4
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip address 1.2.3.4 32
[SwitchD-LoopBack2] quit
[SwitchD] ospf
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# Configure monitor link group 1 to associate Twenty-FiveGigE 1/0/1 with Loopback 0 and
Loopback 2. Set the switchover delay for the downlink interface to 90 seconds.
[SwitchD] undo monitor-link disable

36
 [SwitchD] monitor-link group 1
[SwitchD-mtlk-group1] port twenty-fivegige 1/0/1 uplink
[SwitchD-mtlk-group1] port loopback 0 downlink
[SwitchD-mtlk-group1] port loopback 2 downlink
[SwitchD-mtlk-group1] downlink up-delay 90
[SwitchD-mtlk-group1] quit
7. Configure Switch F:
# Enable L2VPN.
<SwitchF> system-view
[SwitchF] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch F to Switch E for automatic
VXLAN-DCI tunnel establishment.
[SwitchF] interface twenty-fivegige 1/0/1
[SwitchF-Twenty-FiveGigE1/0/1] dci enable
[SwitchF-Twenty-FiveGigE1/0/1] quit
# Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch G, and enable router MA C replacement for rout es advertised to and
received from Switch C and Switch D.
[SwitchF] bgp 200
[SwitchF-bgp-default] peer 3.3.3.3 as-number 100
[SwitchF-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchF-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchF-bgp-default] peer 4.4.4.4 as-number 100
[SwitchF-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchF-bgp-default] peer 4.4.4.4 ebgp-max-hop 64
[SwitchF-bgp-default] peer 7.7.7.7 as-number 200
[SwitchF-bgp-default] peer 7.7.7.7 connect-interface loopback 0
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchF-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchF-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchF-bgp-default-evpn] peer 4.4.4.4 router-mac-local
[SwitchF-bgp-default-evpn] peer 7.7.7.7 enable
[SwitchF-bgp-default-evpn] peer 7.7.7.7 next-hop-local
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 1:4
[SwitchF-vpn-instance-vpn1] address-family ipv4
[SwitchF-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchF-vpn-ipv4-vpn1] quit
[SwitchF-vpn-instance-vpn1] address-family evpn
[SwitchF-vpn-evpn-vpn1] vpn-target 1:1
[SwitchF-vpn-evpn-vpn1] quit

37
 [SwitchF-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] quit
8. Configure Switch G:
# Enable L2VPN.
<SwitchG> system-view
[SwitchG] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable
# Create VXLAN 20 on VSI vpnb.
[SwitchG] vsi vpnb
[SwitchG-vsi-vpnb] vxlan 20
[SwitchG-vsi-vpnb-vxlan-20] quit
# Create an EVPN instance on VSI vpnb. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchG-vsi-vpnb] evpn encapsulation vxlan
[SwitchG-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpnb-evpn-vxlan] quit
[SwitchG-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchG] bgp 200
[SwitchG-bgp-default] peer 6.6.6.6 as-number 200
[SwitchG-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 200.
[SwitchG] interface twenty-fivegige 1/0/1
[SwitchG-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchG-Twenty-FiveGigE1/0/1] port trunk permit vlan 200
[SwitchG-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchG-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 200
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchG-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchG-Twenty-FiveGigE1/0/1-srv2000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchG] ip vpn-instance vpn1
[SwitchG-vpn-instance-vpn1] route-distinguisher 1:5
[SwitchG-vpn-instance-vpn1] address-family ipv4
[SwitchG-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchG-vpn-ipv4-vpn1] quit

38
 [SwitchG-vpn-instance-vpn1] address-family evpn
[SwitchG-vpn-evpn-vpn1] vpn-target 1:1
[SwitchG-vpn-evpn-vpn1] quit
[SwitchG-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 100.1.2.1 255.255.255.0
[SwitchG-Vsi-interface1] mac-address 2-2-2
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1000
[SwitchG-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnb.
[SwitchG] vsi vpnb
[SwitchG-vsi-vpnb] gateway vsi-interface 1
[SwitchG-vsi-vpnb] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Switch C.)
# Verify that the ED has discovered Switch A and Switch F through MAC/IP advertisement
routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI
tunnels to the switches.
[SwitchC] display evpn auto-discovery macip-prefix
Destination IP Source IP L3VNI Tunnel mode OutInterface
1.1.1.1 1.2.3.4 1000 VXLAN Vsi-interface2
6.6.6.6 1.2.3.4 1000 VXLAN-DCI Vsi-interface2
# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1

39
 Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 6.6.6.6
Tunnel protocol/transport UDP_VXLAN-DCI/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the ED has routes for the VMs.
[SwitchC] display ip routing-table vpn-instance vpn1
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 BGP 255 0 1.1.1.1 Vsi2
100.1.1.10/32 BGP 255 0 1.1.1.1 Vsi2
100.1.2.0/24 BGP 255 0 6.6.6.6 Vsi2
100.1.2.20/32 BGP 255 0 6.6.6.6 Vsi2

2. Verify the configuration on Switch A:

# Verify that the switch has discovered the virtual ED through MAC/IP advertisement routes and
IP prefix advertisement routes, and has established a VXLAN tunnel to the virtual ED.
[SwitchA] display evpn auto-discovery macip-prefix
Destination IP Source IP L3VNI Tunnel mode OutInterface
1.2.3.4 1.1.1.1 1000 VXLAN Vsi-interface2
# Verify that the VXLAN tunnel on the switch is up.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the switch has routes for the VMs.
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost NextHop Interface
100.1.2.0/24 BGP 255 0 1.2.3.4 Vsi2

40
 100.1.2.10/32 BGP 255 0 1.2.3.4 Vsi2
3. Verify that VM 1 and VM 2 can communicate when both Switch C and Switch D are working
correctly and when Switch C or Switch D fails. (Details not shown.)

Example: Configuring EVPN-DCI M-LAG

Network configuration
As shown in Figure 9:
• Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.
• Configure Switch A and Switch G as distributed EVPN gateways to perform Layer 3 forwarding
between VXLAN 10 and VXLAN 20.
• For data center 1, configure Switch C and Switch D as EDs and use M-LAG to virtualize them
into one device.
• For data center 2, configure Switch F as an ED.
• Configure Switch B as an RR.
Figure 9 Network diagram

Vlan-int12 Vlan-int11

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, Switch C, Switch D, Switch F,
and Switch G, and reboot the switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

41
2. Configure IP addresses and unicast routing settings:
# On VM 1, specify 100.1.1.1 as the gateway address. On VM 2, specify 100.1.2.1 as the
gateway address. (Details not shown.)
# Assign IP addresses to interfaces, as shown in Figure 9. (Details not shown.)
# Configure OSPF for the switches to reach one another. (Details not shown.)
3. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create VXLAN 10 on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
# Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 2.2.2.2 as-number 100
[SwitchA-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 100
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] address-family ipv4
[SwitchA-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchA-vpn-ipv4-vpn1] quit
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 1:1
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit

42
 # Configure VSI-interface 1 as a distributed gateway.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
4. Configure Switch B as an RR.
<SwitchB> system-view
[SwitchB] bgp 100
[SwitchB-bgp-default] group evpn internal
[SwitchB-bgp-default] peer evpn connect-interface loopback 0
[SwitchB-bgp-default] peer 1.1.1.1 group evpn
[SwitchB-bgp-default] peer 3.3.3.3 group evpn
[SwitchB-bgp-default] peer 4.4.4.4 group evpn
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] undo policy vpn-target
[SwitchB-bgp-default-evpn] peer evpn enable
[SwitchB-bgp-default-evpn] peer evpn reflect-client
[SwitchB-bgp-default-evpn] quit

5. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch C to Switch E for automatic
VXLAN-DCI tunnel establishment.
[SwitchC] interface vlan-interface 13
[SwitchC-Vlan-interface13] dci enable
[SwitchC-Vlan-interface13] quit
# Specify the virtual VTEP address as 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4
# Configure M-LAG system parameters.
[SwitchC] m-lag system-mac 0001-0001-0001
[SwitchC] m-lag system-number 1
[SwitchC] m-lag system-priority 10

43
[SwitchC] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
[SwitchC] m-lag restore-delay 180
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[SwitchC] interface bridge-aggregation 3
[SwitchC-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation3] quit
# Assign Twenty-FiveGigE 1/0/3 to aggregation group 3.
[SwitchC] interface twenty-fivegige 1/0/3
[SwitchC-Twenty-FiveGigE1/0/3] port link-aggregation group 3
[SwitchC-Twenty-FiveGigE1/0/3] quit
# Specify Bridge-Aggregation 3 as the peer-link interface.
[SwitchC] interface bridge-aggregation 3
[SwitchC-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchC-Bridge-Aggregation3] quit
# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes
advertised to Switch B, and enable router MAC replacement for routes advertised to and
received from Switch F.
[SwitchC] bgp 100
[SwitchC-bgp-default] peer 6.6.6.6 as-number 200
[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchC-bgp-default] peer 6.6.6.6 ebgp-max-hop 64
[SwitchC-bgp-default] peer 2.2.2.2 as-number 100
[SwitchC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchC-bgp-default-evpn] peer 6.6.6.6 router-mac-local
[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchC-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchC-vpn-instance-vpn1] address-family ipv4
[SwitchC-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchC-vpn-ipv4-vpn1] quit
[SwitchC-vpn-instance-vpn1] address-family evpn
[SwitchC-vpn-evpn-vpn1] vpn-target 1:1
[SwitchC-vpn-evpn-vpn1] quit
[SwitchC-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] mac-address 1-2-3
[SwitchC-Vsi-interface2] quit

44
 # Configure monitor link group 1 to associate Twenty-FiveGigE 1/0/1 with Loopback 0 and
Loopback 2. Set the switchover delay for the downlink interface to 90 seconds.
[SwitchC] undo monitor-link disable
[SwitchC] monitor-link group 1
[SwitchC-mtlk-group1] port twenty-fivegige 1/0/1 uplink
[SwitchC-mtlk-group1] port loopback 0 downlink
[SwitchC-mtlk-group1] port loopback 2 downlink
[SwitchC-mtlk-group1] downlink up-delay 90
[SwitchC-mtlk-group1] quit

6. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch D to Switch E for automatic
VXLAN-DCI tunnel establishment.
[SwitchD] interface vlan-interface 14
[SwitchD-Vlan-interface14] dci enable
[SwitchD-Vlan-interface14] quit
# Specify the virtual VTEP address as 1.2.3.4.
[SwitchD] evpn m-lag group 1.2.3.4
# Configure M-LAG system parameters.
[SwitchD] m-lag system-mac 0001-0001-0001
[SwitchD] m-lag system-number 2
[SwitchD] m-lag system-priority 10
[SwitchD] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
[SwitchD] m-lag restore-delay 180
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[SwitchD] interface bridge-aggregation 3
[SwitchD-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation3] quit
# Assign Twenty-FiveGigE 1/0/3 to link aggregation group 3.
[SwitchD] interface twenty-fivegige 1/0/3
[SwitchD-Twenty-FiveGigE1/0/3] port link-aggregation group 3
[SwitchD-Twenty-FiveGigE1/0/3] quit
# Specify Bridge-Aggregation 3 as the peer-link interface.
[SwitchD] interface bridge-aggregation 3
[SwitchD-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchD-Bridge-Aggregation3] quit
# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes
advertised to Switch B, and enable router MAC replacement for routes advertised to and
received from Switch F.
[SwitchD] bgp 100
[SwitchD-bgp-default] peer 6.6.6.6 as-number 200
[SwitchD-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchD-bgp-default] peer 6.6.6.6 ebgp-max-hop 64

45
 [SwitchD-bgp-default] peer 2.2.2.2 as-number 100
[SwitchD-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchD-bgp-default-evpn] peer 6.6.6.6 router-mac-local
[SwitchD-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchD-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchD-vpn-instance-vpn1] address-family ipv4
[SwitchD-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchD-vpn-ipv4-vpn1] quit
[SwitchD-vpn-instance-vpn1] address-family evpn
[SwitchD-vpn-evpn-vpn1] vpn-target 1:1
[SwitchD-vpn-evpn-vpn1] quit
[SwitchD-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] mac-address 1-2-3
[SwitchD-Vsi-interface2] quit
# Configure monitor link group 1 to associate Twenty-FiveGigE 1/0/1 with Loopback 0 and
Loopback 2. Set the switchover delay for the downlink interface to 90 seconds.
[SwitchD] undo monitor-link disable
[SwitchD] monitor-link group 1
[SwitchD-mtlk-group1] port twenty-fivegige 1/0/1 uplink
[SwitchD-mtlk-group1] port loopback 0 downlink
[SwitchD-mtlk-group1] port loopback 2 downlink
[SwitchD-mtlk-group1] downlink up-delay 90
[SwitchD-mtlk-group1] quit
7. Configure Switch F:
# Enable L2VPN.
<SwitchF> system-view
[SwitchF] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# Enable DCI on the Layer 3 interface that connects Switch F to Switch E for automatic
VXLAN-DCI tunnel establishment.
[SwitchF] interface vlan-interface 15
[SwitchF-Vlan-interface15] dci enable
[SwitchF-Vlan-interface15] quit

46
 # Configure BGP to advertise BGP EVPN rout es. Enable nexthop replacement for routes
advertised to Switch G, and enable router MA C replacement for rout es advertised to and
received from Switch C and Switch D.
[SwitchF] bgp 200
[SwitchF-bgp-default] peer 3.3.3.3 as-number 100
[SwitchF-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchF-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchF-bgp-default] peer 4.4.4.4 as-number 100
[SwitchF-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchF-bgp-default] peer 4.4.4.4 ebgp-max-hop 64
[SwitchF-bgp-default] peer 7.7.7.7 as-number 200
[SwitchF-bgp-default] peer 7.7.7.7 connect-interface loopback 0
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchF-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchF-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchF-bgp-default-evpn] peer 4.4.4.4 router-mac-local
[SwitchF-bgp-default-evpn] peer 7.7.7.7 enable
[SwitchF-bgp-default-evpn] peer 7.7.7.7 next-hop-local
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 1:4
[SwitchF-vpn-instance-vpn1] address-family ipv4
[SwitchF-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchF-vpn-ipv4-vpn1] quit
[SwitchF-vpn-instance-vpn1] address-family evpn
[SwitchF-vpn-evpn-vpn1] vpn-target 1:1
[SwitchF-vpn-evpn-vpn1] quit
[SwitchF-vpn-instance-vpn1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] quit
8. Configure Switch G:
# Enable L2VPN.
<SwitchG> system-view
[SwitchG] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable
# Create VXLAN 20 on VSI vpnb.
[SwitchG] vsi vpnb
[SwitchG-vsi-vpnb] vxlan 20
[SwitchG-vsi-vpnb-vxlan-20] quit

47
# Create an EVPN instance on VSI vpnb. Configure the switch to automatically generate an RD
and a route target for the EVPN instance.
[SwitchG-vsi-vpnb] evpn encapsulation vxlan
[SwitchG-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpnb-evpn-vxlan] quit
[SwitchG-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchG] bgp 200
[SwitchG-bgp-default] peer 6.6.6.6 as-number 200
[SwitchG-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 200.
[SwitchG] interface twenty-fivegige 1/0/1
[SwitchG-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchG-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 200
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchG-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchG-Twenty-FiveGigE1/0/1-srv2000] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchG] ip vpn-instance vpn1
[SwitchG-vpn-instance-vpn1] route-distinguisher 1:4
[SwitchG-vpn-instance-vpn1] address-family ipv4
[SwitchG-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchG-vpn-ipv4-vpn1] quit
[SwitchG-vpn-instance-vpn1] address-family evpn
[SwitchG-vpn-evpn-vpn1] vpn-target 1:1
[SwitchG-vpn-evpn-vpn1] quit
[SwitchG-vpn-instance-vpn1] quit
# Configure VSI-interface 1 as a distributed gateway.
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 100.1.2.1 255.255.255.0
[SwitchG-Vsi-interface1] mac-address 2-2-2
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1000
[SwitchG-Vsi-interface2] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnb.
[SwitchG] vsi vpnb
[SwitchG-vsi-vpnb] gateway vsi-interface 1

48
 [SwitchG-vsi-vpnb] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Switch C.)
# Verify that the ED has discovered Switch A and Switch F through MAC/IP advertisement
routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI
tunnels to the switches.
[SwitchC] display evpn auto-discovery macip-prefix
Destination IP Source IP L3VNI Tunnel mode OutInterface
1.1.1.1 3.3.3.3 1000 VXLAN Vsi-interface2
6.6.6.6 3.3.3.3 1000 VXLAN-DCI Vsi-interface2
# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 6.6.6.6
Tunnel protocol/transport UDP_VXLAN-DCI/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the ED has ARP entries and routes for the VMs.
[SwitchC] display ip routing-table vpn-instance vpn1
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 BGP 255 0 1.1.1.1 Vsi2
100.1.1.10/32 BGP 255 0 1.1.1.1 Vsi2
100.1.2.0/24 BGP 255 0 6.6.6.6 Vsi2

49
 100.1.2.20/32 BGP 255 0 6.6.6.6 Vsi2
2. Verify the configuration on Switch A:
# Verify that the switch has discovered the virtual ED through MAC/IP advertisement routes and
IP prefix advertisement routes, and has established a VXLAN tunnel to the virtual ED.
[SwitchA] display evpn auto-discovery macip-prefix
Destination IP Source IP L3VNI Tunnel mode OutInterface
1.2.3.4 1.1.1.1 1000 VXLAN Vsi-interface2
# Verify that the VXLAN tunnel on the switch is up.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the switch has ARP entries and routes for the VMs.
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost NextHop Interface
100.1.2.0/24 BGP 255 0 1.2.3.4 Vsi2
100.1.2.10/32 BGP 255 0 1.2.3.4 Vsi2
3. Verify that VM 1 and VM 2 can communicate when both Switch C and Switch D are working
correctly and when Switch C or Switch D fails. (Details not shown.)

50
Contents
MVXLAN overview ·············································································· 1
Restrictions and guidelines: MVXLAN configuration ···············································································1
MVXLAN modes ·······························································································································1
Ingress replication MVXLAN ···············································································································1
Network model ···························································································································1
Working mechanism···················································································································2
MDT MVXLAN ··································································································································3
Benefits ····································································································································3
Network model ···························································································································3
Basic concepts ··························································································································3
MP-BGP extension for MVXLAN ··································································································4
Automatic MVXLAN tunnel establishment and assignment ·······························································4
Default MDT establishment··········································································································4
Default MDT-based transmission··································································································5
MDT switchover ·························································································································6
M-LAG in MVXLAN·····················································································································7
Layer 3 multicast in DCI scenarios································································································8
Layer 3 multicast in DCI multihoming scenarios ············································································ 11
Configuring ingress replication MVXLAN··············································· 13
Restrictions and guidelines: Multicast source location··········································································· 13
Ingress replication MVXLAN tasks at a glance····················································································· 13
Enabling IP multicast routing for a VPN instance ················································································· 13
Creating an MVXLAN ······················································································································· 14
Configuring a VSI interface as a distributed designated router interface ·················································· 14
Ingress replication MVXLAN configuration examples ············································································ 15
Example: Configuring an ingress replication MVXLAN ··································································· 15
Configuring MDT-based MVXLAN ······················································· 20
MDT-based MVXLAN tasks at a glance······························································································ 20
Restrictions: IGMP proxying configuration··························································································· 20
Enabling IP multicast routing for a VPN instance ················································································· 21
Creating an MVXLAN ······················································································································· 21
Configuring a default group ··············································································································· 21
Specifying the MVXLAN source interface···························································································· 22
Configuring MDT switchover parameters ···························································································· 23
Configuring a VSI interface as a distributed designated router interface ·················································· 23
Configuring an MVXLAN extranet RPF selection policy········································································· 24
Configuring M-LAG in MVXLAN ········································································································· 26
Configuring DCI Layer 3 multicast ····································································································· 27
About this task························································································································· 27
Restrictions and guidelines ········································································································ 28
Configuring an ED ···················································································································· 28
Configuring a VTEP ·················································································································· 28
Configuring an ED group for DCI Layer 3 multicast ·············································································· 29
Display and maintenance commands for MDT-based MVXLAN······························································ 30
MDT-based MVXLAN configuration examples ····················································································· 31
Example: Configuring intra-VPN MVXLAN Layer 3 multicast forwarding (IPv4 site network) ················ 31
Example: Configuring intra-VPN MVXLAN Layer 3 multicast forwarding (IPv6 site network) ················ 43
Example: Configuring MVXLAN extranet on the receiver VPN instance for symmetrically configured
extranet ·································································································································· 55
Example: Configuring MVXLAN extranet on the receiver VPN instance for asymmetrically configured
extranet ·································································································································· 70
Example: Configuring MVXLAN extranet with receivers on both VPNs and the public network············· 83
Example: Configuring M-LAG in MVXLAN with an Ethernet aggregate link as the peer link ················· 97
Example: Configuring DCI Layer 3 multicast without L3 VXLAN ID mapping ··································· 124

i
Example: Configuring DCI Layer 3 multicast with multiple L3 VXLAN IDs mapped to the same
intermediate L3 VXLAN ID ······································································································· 138
Example: Configuring DCI Layer 3 multicast with multiple L3 VXLAN IDs mapped to different intermediate
L3 VXLAN IDs························································································································ 162
Example: Configuring Layer 3 multicast without L3 VXLAN ID mapping in a DCI multihoming scenario
······························································································································································· 187

ii
MVXLAN overview
Multicast V XLA N (MV XLAN) transmits multicast traffic from a multicast source to multicast receivers
in a VXLAN or EVPN VXLAN network.

Restrictions and guidelines: MVXLAN

configuration
MVXLAN supports only IPv4 underlay networks in the current software version.

MVXLAN modes
MVXLAN supports the following traffic transmission modes:
• Ingress replication—Used for forwarding multicast traffic of multiple VPN instances in a
VXLAN network. This mode supports only IPv4 site networks.
• Multicast distribution tree (MDT)—Used for forwarding multicast traffic in an EVPN V XLA N
network. This mode supports both IP v4 and IP v6 site networks. This document uses the IP v4
site network as an example to describe the operating mec hanism of MV XLA N. The operating
mechanism of MVXLAN in an IPv6 site network is similar.

Ingress replication MVXLAN

Network model
Figure 1 shows a typical MV XLA N network that uses ingress replication. In the network, the border
devic e is attached to multiple sources, and the VTEPs are attached to multicast receivers. V XLA N
tunnels are manually established between the border device and the VTEPs and assigned to
V XLA Ns. When receiving multicast packets, the border devic e identifies the VPN instanc e to which
the packets belong and forwards them to the VTEPs configured with the VPN instance. Then, the
VTEPs forward the multicast packets to the attached multicast receivers in the VPN instance.

1
 Figure 1 Ingress replication MVXLAN network model

Source 1 Source 2
VPN A VPN B

Border

VXLAN netw ork

VTEP 1 VTEP 2
VXLAN tunnel

VPN B VPN A
VPN A

Receiver 1 Receiver 2 Receiver 3 Receiver 4

VXLAN 10 VXLAN 10 VXLAN 20 VXLAN 10

Working mechanism
Ingress replication MVXLAN requires the following configuration on the border device and VTEPs:
• On the border device, create VSI interfaces, associate them with VPN instances, and enable
IGMP on the VSI interfaces.
• On the border device, associate the multicast source-facing interfaces with VPN instances.
• On the border device and VTEPs, enable IGMP snooping on VSIs.
The border device and VTEPs learn multicast forwarding entries as follows:
1. On the border device, VSI interfaces broadcast IGMP queries in their respective VXLANs after
they are enabled with IGMP.
2. The VTEPs mark the VXLAN tunnel interfaces where the IGMP queries are received as IGMP
snooping router ports, remove VXLAN encapsulation from the IGMP queries, and forward
them to local hosts.
3. Multicast receivers reply with IGMP membership reports.
4. The VTEPs mark the ACs where the IGMP membership reports are received as IGMP
snooping member ports and forward the reports to the border device through VXLAN tunnels.
5. The border device receives the IGMP membership reports on a VXLAN tunnel interface and
marks the VXLAN tunnel interface as an IGMP snooping member port.
Having learned multicast forwarding entries, the border device and VTEPs forward multicast traffic
as follows:
1. When receiving multicast packets, the border device identifies their VPN instance by the
incoming interface and forwards them based on the multicast forwarding table of the VPN
instance.
2. If the traffic outgoing interface is a VSI interface, the border device forwards the multicast
packets through the IGMP snooping member ports in the V XLA N associated with the VSI
interface. The IGMP snooping member ports are VXLAN tunnel interfaces.

2
 3. The VTEPs decapsulate the multicast packets and forward them out of member ports to
multicast receivers.

MDT MVXLAN
On the public network, MV XLA N multicast traffic is forwarded along an MDT rooted at the multicast
source-side V TEP to leaf receiver-side VTEPs through unidirectional MV XLA N tunnels. MDT-based
transmission ensures that multicast traffic is forwarded along optimal paths.

Benefits
MDT MVXLAN provides the following benefits:
• On-demand multicast forwarding—Creates multicast distribution trees and manages
multicast group members by using BGP EVPN routes and PIM.
• Inter-VXLAN multicast forwarding—Uses distributed EVPN gateways to forward Layer 3
multicast traffic between VXLANs.

Network model
As shown in Figure 2, distributed EVPN gateways are collocated with the V TEPs, and MV XLA Ns
are created on the VTEPs to direct multicast traffic forwarding. When receiving multicast packets, a
VTEP forwards them through ACs and MVXLAN tunnels to multicast receivers.
For more information about VTEPs, VSIs, and VXLANs, see VXLAN Configuration Guide. For more
information about EVPN configuration, see "Configuring EVPN."
Figure 2 MDT MVXLAN network model

VXLAN network
MVXLAN
Source MVXLAN
VXLAN 10
MVXLAN tunnel

VTEP 1 P VTEP 2 Receiver 2

VXLAN 20

MVXLAN VTEP 3
Receiver 1
VXLAN 10

Receiver 3
VXLAN 30

Basic concepts
The following are the basic concepts in MVXLAN:
• MDT—An MDT is a multicast distribution tree constructed by all VTEPs in the same MVXLAN.
MDTs include the default MDT and the data MDT.

3
 • Default group—A default group is a unique multicast address assigned to each MVXLAN on
the public network. It is the unique identifier of an MVXLAN on the public network and helps
build the default MDT for an MVXLAN on the public network. Packets of the private multicast
groups in an MVXLAN are encapsulated into packets of the default group before they are
transmitted on the public network.
• Default MDT—A default MDT uses a default group address as its group address. The default
MDT of an MVXLAN is uniquely identified by the default group and transmits all private
multicast packets of the MVXLAN. A default MDT is automatically created after the default
group is specified and will always exist on the public network, regardless of whether multicast
services exist on the public network or MVXLAN.
• Data group—An MVXLAN is assigned a unique data group for MDT switchover. If you use an
ACL to match the multicast traffic of an MVXLAN, the ingress VTEP selects a least used
address from the data group range to encapsulate the matching multicast packets of the
MVXLAN. Other VTEPs are notified to use the address to forward the matching traffic of the
MVXLAN. This initiates the switchover to the data MDT.
• Data MDT—A data MDT is an MDT that uses a data group as it group address. At MDT
switchover, VTEPs with downstream receivers join a data group to build a data MDT. The
ingress VTEP forwards the encapsulated MVXLAN multicast traffic along the data MDT over
the public network.

MP-BGP extension for MVXLAN

To support MVXLAN, MP-BGP introduces the following routes for creating MDTs under the EVPN
address family:
• Supplementary broadcast domain selective multicast Ethernet tag (SBD-SMET) route—
Contains private multicast source address and private multicast group address information. A
receiver-side VTEP uses the SBD-SMET route to advertise its interest in a specific (*, G) or
(S, G). An SBD-SMET route carries the RD configured in VPN instance view and export
targets configured in VPN instance IPv4 or IPv6 address family view.
• Selective provider multicast service interface route—Also known as S-PMSI A-D route. An
S-PMSI A-D route contains the private multicast source address, private multicast group
address, default or data group address, and MVXLAN source interface address. S-PMSI A-D
routes are used by the multicast source-side VTEP and its BGP peers to establish the default
MDT and switch traffic from the default MDT to a data MDT. An S-PMSI A-D route carries the
RD configured in VPN instance view and export targets configured in VPN instance IPv4 or
IPv6 address family view.

Automatic MVXLAN tunnel establishment and assignment

In an MV XLAN net work, V TEPs automatically establish MV XLA N tunnels and assign them to
MV XLA Ns to forward Layer 3 multicast traffic. The tunnel source is the MV XLAN source interface
address, and the tunnel destination is the default or data group address. An MV XLAN tunnel is a
unidirectional tunnel from the multicast source-side VTEP to a multicast receiver-side VTEP.

Default MDT establishment

The multicast routing protocol running on the public network can be PIM -SM or P IM-SSM. The
process of creating a default MDT is the same in these P IM modes. All V TEPs in an MV XLA N join
the default MDT of the MV XLAN. The private multicast packets of the MV XLAN are forwarded along
the default MDT to the VTEPs, no matter whether the site attached to a VTEP contains receivers.

4
 Figure 3 Default MDT establishment in a PIM-SM network
VTEP 3

Default group: 232.1.1.1

Source interface IP: 11.1.1.1

Public instance BGP peers

S-PMSI A-D route
SPT (11.1.1.1, 232.1.1.1)

VTEP 1 VTEP 2
MVXLAN

As shown in Figure 3, PIM-SM runs on the public network, and MV XLAN is configured on all VTEPs.
The process for establishing a default MDT is as follows:
1. VTEP 1 sends an S-PMSI A-D route that contains (*, *) to VTEP 2 and VTEP 3.
2. VTEP 2 and VTEP 3 receive the route and join a multicast group according to the PMSI tunnel
attribute of the route. The PMSI tunnel attribute contains the following information:
 The multicast source is the IP address of the MVXLAN source interface on VTEP 1.
 The multicast group is the default group configured on VTEP 1.
3. Multicast forwarding entries are created on each device along the paths on the public network,
and a shortest path tree (SPT) with VTEP 1 as the root and VTEP 2 and VTEP 3 as leaves is
created. The SPT is the default MDT.

Default MDT-based transmission

After the default MDT is established, the multicast source sends the private multicast traffic to the
receivers in each site along the default MDT. The private multicast packets are encapsulated into
public multicast packets on the local VTEP and transmitted along the default MDT. Then, they are
decapsulated on the remote VTEPs and transmitted in remote VXLAN sites.
Figure 4 Multicast data packet transmission
Multicast packets (192.1.1.1, 225.1.1.1)
VTEP 3
VXLAN packets (11.1.1.1, 239.1.1.1)

S: 192.1.1.1/24
G: 225.1.1.1

Source Receiver
P
MVXLAN tunnel
VTEP 1 MVXLAN VTEP 2
Site 1 Site 2
Default group: 239.1.1.1
Source interface IP: 11.1.1.1/24

5
 As shown in Figure 4, PIM-SM runs on the public network, the multicast source is attached to VTEP
1, and the multicast receiver is attached to VTEP 2. The multicast forwarding process is as follows:
1. The multicast source sends private multicast packets (192.1.1.1, 225.1.1.1) to VTEP 1.
2. VTEP 1 creates a multicast forwarding entry for (192.1.1.1, 225.1.1.1).
3. VTEP 1 processes the packets based on whether the receiver has joined the private multicast
group:
 If the receiver has sent an IGMP join message to VTEP 2, VTEP 1 has an SBD-SMET
route sent by VTEP 1 that contains (*, G). VTEP 1 adds VXLAN encapsulation to the
packets according to the route and forwards them to VTEP 2 and VTEP 3 along the default
MDT. In the outer IP header of the VXLAN packets, the source IP address is the IP address
of the MVXLAN source interface, and the destination IP address is the default group
address.
 If no receiver exists, VTEP 1 drops the packets.
4. VTEP 2 decapsulates the VXLAN packets and forwards the private multicast packets to the
receiver.
5. VTEP 3 decapsulates the VXLAN packets and drops the private multicast packets because no
local receiver exists.

MDT switchover
An MV XLAN can use the default MDT or a data MDT for multicast traffic forwarding. The default
MDT is uniquely identified by the default group, and a data MDT is uniquely identified by a data
group. Each default group is associated with a data group range.
Switching from the default MDT to a data MDT
When a multicast packet of an MV XLAN is transmitted t hrough the default MDT on the public
network, the packet is forwarded to all V TEPs configured with the VPN instance of the MV XLA N.
This occurs whether or not any active receivers exist in the sites attached t o the V TEPs. When the
rate of the multicast traffic of that MV XLAN is high, multicast traffic might be flooded on the public
network. This increases the bandwidth use and brings extra burden on the VTEPs.
To optimize multicast transmission, the MDT-based MV XLA N solution introduces a dedicated dat a
MDT. The data MDT is built between the VTEPs that are attached to MVXLAN multicast receivers
and multicast sources. When specific net work criteria are met, multicast traffic is switched from the
default MDT to the data MDT.
A switchover from the default MDT to the data MDT is initiated as follows:
1. Private multicast traffic passes the ACL rule filtering for default MDT to data MDT switchover.
2. The source-side VTEP selects a least-used address from the data group range and sends an
S-PMSI A-D route to all the other VTEPs down the default MDT. This route contains the
private multicast source address, private multicast group address, IP address of the MVXLAN
source interface, and data group address.
3. Each VTEP that receives the route examines whether it has receivers of that private multicast
stream.
If so, it joins the data MDT rooted at the source-side VTEP. Otherwise, it caches the route and
will join the data MDT when it has attached receivers.
4. After sending the S-PMSI A-D route, the source-side VTEP starts the data-delay timer. When
the timer expires, the source-side VTEP uses the data group address to encapsulate the
private multicast traffic. The multicast traffic is then forwarded down the data MDT.
5. After the multicast traffic is switched from the default MDT to the data MDT, a downstream
VTEP can leave the data MDT by sending a PIM prune message if it no longer has active
receivers attached to it.

6
Switching from the data MDT to the default MDT
After the MXVLAN multicast traffic is switched to the data MDT, the multicast traffic conditions might
change and no longer meet the switchover criterion. In this case, the source-side V TEP initiates a
backward MDT switchover process when any of the following criteria are met:
• The associated data group range is changed, and the data group address for encapsulating
the MVXLAN multicast traffic is not in the new address range.
• The ACL rule for controlling the switchover from the default MDT to the data MDT has changed,
and the MVXLAN multicast traffic fails to pass the new ACL rule.

M-LAG in MVXLAN

Overview
As shown in Figure 5, you c an use multichassis link aggregation (M-LAG) to virtualize two VTEPs or
border devices into an M-LAG system to prevent single points of failure from interrupting traffic. The
VTEPs or border devices can have both multicast sources and rec eivers attached. For more
information about M-LAG, see Layer 2—LAN Switching Configuration Guide.
Figure 5 M-LAG in MVXLAN
Source 2
Receiver 4 (S2, G)
(*, G)
Internet

Agg1 Agg2
Agg2 Agg1
Border 1 Border 2
Peer link

Transport
netw ork

VTEP 1 VTEP 4
Peer link VTEP 2 VTEP 3 Peer link

Agg2 Agg2
Agg1 Agg1
Agg2 Agg1 Agg1 Agg2

Site 1 Site 2 Site 3 Site 4

Source 1 Receiver 1 Receiver 2 Receiver 3

(S1, G) (*, G) (*, G) (*, G)

Mechanisms
In an M-LAG system, the M-LAG member devices synchronize multicast traffic and multicast join
requests (IGMP membership reports or P IM join messages) over the peer link to maintain
consistency in multicast source and receiver information. When one M-LAG member device fails or

7
 its uplink or downlink fails, the other M-LAG member device forwards all multicast traffic to avoid
traffic interruption.
As shown in Figure 5, the M-LAG system formed by VTEP 1 and VTEP 2 operates as follows:
1. VTEP 1 and VTEP 2 set up MVXLAN tunnels with the other devices on the network. The
MVXLAN tunnels use the virtual VTEP address as the multicast source and the default group
address as the destination address.
2. When receiving the multicast join requests sent by the multicast receivers on aggregate
interface 2, VTEP 1 sends the requests over the peer link to VTEP 2.
3. Both VTEP 1 and VTEP 2 create multicast forwarding entries for the multicast join requests
and send SBD-SMET routes to the multicast source-side VTEP.
4. When receiving the multicast traffic sent by the multicast source on aggregate interface 1,
VTEP 1 sends the multicast traffic over the peer link to VTEP 2.
5. VTEP 1 and VTEP 2 forward the multicast traffic according to the following rules:
 The M-LAG member device with an odd M-LAG system number forwards traffic destined
for odd multicast group addresses.
 The M-LAG member device with an even M-LAG system number forwards traffic destined
for even multicast group addresses.
 When one M-LAG member device fails, the other M-LAG member device forwards all
multicast traffic.
6. If the requirements are met for switching traffic from the default MDT to a data MDT, the
primary M-LAG member device selects a target data MDT and advertises the data MDT to the
secondary M-LAG member device through an SBD-SMET route.
7. The secondary M-LAG member device acts as follows:
 If the data group exists on the device, the device uses that data group for multicast
forwarding.
 If the data group does not exist or the device does not receive the SBD-SMET route, the
device selects a local data group.

Layer 3 multicast in DCI scenarios

NOTE:
This feature is supported only in an IPv4 site network.

Features
DCI Layer 3 multicast in an MDT-based MVXLAN network has the following features:
• On-demand multicast forwarding—An ED forwards multicast traffic over VXLAN-DCI
tunnels only when it detects multicast receivers in remote data centers through BGP EVPN
routes.
• Inter-L3 VXLAN ID multicast forwarding—You can configure L3 VXLAN ID mappings on
EDs to enable inter-data center multicast for a VPN instance that use different L3 VXLAN IDs
at multiple data centers.
Working mechanism
As shown in Figure 6, inter-data center Layer 3 multicast traffic is forwarded through the
VXLAN-DCI tunnels set up among EDs.
An ED operates as follows after receiving SBD-SMET and S-PMSI A-D routes from a remote ED:
• For an SBD-SMET route, the ED finds a VXLAN-DCI tunnel interface based on the nexthop for
the route and uses the interface as the outgoing interface for multicast traffic.

8
 • For an S-PMSI A-D route, the ED replaces the multicast source address in the PMSI tunnel
attribute of the route with the address of the local MVXLAN source interface. Then, a
default-MDT or data-MDT with the ED as the multicast source is set up in the local data center.
Within a dat a center, EDs and V TEPs advertise BGP EVP N routes and set up MV XLA N tunnels in
the same way they do in a non-DCI environment.
As shown in Figure 6, after BGP EVPN route advertisement and tunnel setup are finished, VTEPs
and EDs forward traffic as follows:
1. When VTEP 1 receives multicast traffic in a VPN, it forwards the traffic over MVXLAN tunnels
to local VTEPs and ED in the VPN.
2. VTEP 2 forwards the multicast traffic to the attached receivers, and ED 1 forwards the
multicast traffic over the VXLAN-DCI tunnel to DC 2.
3. ED 3 forwards the multicast traffic to VTEP 3, and VTEP 3 forwards the multicast traffic to the
attached receiver.
Figure 6 Network model for DCI Layer 3 multicast in an MDT-based MVXLAN network

Receiver 1
VXLAN 10
VTEP 1

Core
DC 1 network DC 2
VTEP 3
MVXLAN tunnel

Source
VXLAN 10
VXLAN-DCI tunnel MVXLAN tunnel

Receiver 2 ED 1 ED 2
VXLAN 20

VTEP 2 Receiver 3
VXLAN 30

L3 VXLAN ID mapping
If a VPN instance uses different L3 V XLA N IDs at two data centers, perform t he following tasks for
multicast traffic of the VPN instance to be transmitted between the data centers:
1. Create an intermediate VPN instance on both EDs.
2. Configure L3 V XLA N ID mappings on the EDs and associate the non-local L3 V XLA N ID in the
mapping with the intermediate VPN instanc e. You can map L3 V XLA N IDs by using one of the
following methods
 On each ED, map the local L3 V XLA N ID to an intermediate L3 V XLA N ID. The following is
an example of intermediate L3 VXLAN ID mapping:

Data center ED Local L3 VXLAN ID Mapped L3 VXLAN ID

DC 1 ED 1 1 12

DC 2 ED 2 2 12

 On each ED, map the local L3 VXLAN ID to the remote L3 VXLAN ID. The following is an
example of non-intermediate L3 VXLAN ID mapping:

Data center ED Local L3 VXLAN ID Mapped L3 VXLAN ID

DC 1 ED 1 10 20
DC 2 ED 2 20 10

9
3. Configure V TEPs and EDs to reoriginate S-PMS I and SME T routes and modify the RDs, route
targets, and L3 VXLAN ID in the routes.
As shown in Figure 7, DC 1 uses L3 V XLA N ID 1, and DC 2 uses L3 V XLAN ID 2. Both L3 V XLA N
IDs are mapped to L3 VXLAN ID 12 on the EDs. The multicast forwarding entry learning and
multicast forwarding processes are as follows:
1. After the default group is configured on V TEP 3, VTEP 3 advertises an S-PMS I route that
carries the (*, *) entry and L3 VXLAN ID 2.
2. ED 2 receives the S-PMSI rout e and imports it to the local VPN instance and intermediate VP N
instance. ED 2 then reoriginates an S-PMS I route with the int ermediate L3 V XLAN ID included
for the intermediate VPN instance and advertises it to ED 1.
3. ED 1 receives the S-PMSI route and imports it to the local VPN instance and intermediate VPN
instance. ED 1 then reoriginates an S-PMSI route for the local VPN instance and advertises it
to VTEP 1 and VTEP 2.
4. Receiver 3 sends an IGMP membership report to join the multicast group.
5. VTEP 3 creates a (*, G) entry and advertises an SMET route for the multicast group.
6. ED 2 performs the following actions after receiving the SMET route:
a. Imports it to the local VPN instance and intermediate VPN instance.
b. Reoriginates an SMET route for the intermediate VPN instance and advertises it to ED 1.
c. Creates a (*, G) entry for the local VPN instance.
7. ED 1 performs the following actions after receiving the SMET route:
a. Imports it to the local VPN instance and intermediate VPN instance.
b. Reoriginates an SMET route for the local VPN instance and advertises it to VTEP 1 and
VTEP 2.
c. Creates a (*, G) entry with a VSI interface as the outgoing interface for the intermediate
VPN instance.
8. VTEP 1 and VTEP 2 receive the SMET route, import it to the local VPN instance, and create a
(*, G) entry.
9. When VTEP 1 receives multicast traffic, it advertises an S-PMSI route that carries default
group information and (S, G) multicast source information.
10. ED 1 receives the S-PMSI route, reoriginates an S-PMSI route, and creates the following
entries:
 A (S, G) entry for the local VPN instance, in which the intermediate VPN instance is the
outgoing interface.
 A (S, G) entry for the intermediate VPN instance, in which the local VPN instance is the
incoming interface and a VSI interface is the outgoing interface. The traffic sent out of the
VSI interface is forwarded through a VXLAN-DCI tunnel interface.
11. ED 2 receives the S-PMSI route, reoriginates an S-PMSI route, and creates the following
entries:
 A (S, G) entry for the intermediate VPN instance, in which a VSI interface is the incoming
interface and the local VPN instance is the outgoing interface.
 A (S, G) entry for the local VPN instance, in which the intermediate VPN instance is the
incoming interface and an MTunnel interface is the outgoing interface.
12. After the multicast source sends multicast traffic, the VTEPs and EDs forward the traffic based
on the learned multicast forwarding entries.

10
 Figure 7 L3 VXLAN ID mapping

Receiver 1
VXLAN 10
VTEP 1

DC 1 Core DC 2
L3VNI 1 network L3VNI 2
VTEP 3

MVXLAN tunnel
Source
VXLAN 10
VXLAN-DCI tunnel MVXLAN tunnel

Receiver 2 ED 1 L3VNI 12 ED 2
VXLAN 20

VTEP 2 Receiver 3
VXLAN 30

Layer 3 multicast in DCI multihoming scenarios

NOTE:
This feature is supported only in an IPv4 site network.

As shown in Figure 8, to avoid single point of failure for Layer 3 multicast in DCI scenarios, you can
deploy multiple EDs at the edge of a data center. The E Ds use the same virtual ED address to form
an ED group. The ED group uses the virt ual ED address to establish VXLAN tunnels with V TEPs
and VXLAN-DCI tunnels with remote EDs for ED redundancy and load balancing.
Figure 8 Layer 3 multicast in DCI multihoming scenarios

ED 1

DC 1
DC 2
VXLAN-DCI tunnel VTEP 2
VTEP 1
Virtual Core
ED MVXLAN tunnel
network
ED 3

ED 2 Receiver
VXLAN 30
Source
VXLAN 10

As shown in Figure 9, Layer 3 multicast in DCI multihoming scenarios uses the same BGP EVPN
route advertisement and V XLAN/MV XLA N tunnel establishment processes as Layer 3 multicast in
DCI scenarios except for the following items:
• Multiple EDs (ED 1 and ED 2 in this example) use the virtual IP address of the ED group to
establish VXLAN-DCI tunnels with remote EDs (ED 3 in this example).
• When ED 3 receives SMET or S-PMSI A-D routes from DC 1, it replaces the next hop of the
routes with the virtual IP address of the ED group.
• An ED in the ED group does not join the MVXLAN tunnels of other EDs in the same ED group.

11
After BGP EVPN route advertisement and VXLAN/MVXLAN tunnel establishment, DCI Layer 3
multicast traffic is forwarded as follows:
1. When VTEP 1 receives multicast traffic from a multicast source, it identifies the VPN instance
of the traffic. Then, VTEP 1 forwards the multicast traffic to ED 1, ED 2, and the other VTEPs in
the local data center through multicast tunnels in the VPN instance.
2. The other VTEPs in the local data center forwards the multicast traffic to the multicast receiver
attached to the VTEPs. ED 1 and ED 2 performs forwarder election and the ED that wins the
election forwards the multicast traffic to ED 3 in DC 2 over a VXLAN-DCI tunnel.
3. ED 3 forwards the multicast traffic to VTEP 2 through a multicast tunnel.
4. VTEP 2 forwards the multicast traffic to multicast receivers.

12
Configuring ingress replication MVXLAN
Restrictions and guidelines: Multicast source
location
You can attach a multicast source only to a border device in an ingress replication MVXLAN
network.
Before you configure multicast features on a VSI interface, assign a primary IP address to the VSI
interface.

Ingress replication MVXLAN tasks at a glance

To configure ingress replication MVXLAN, perform the following tasks:
1. Configuring VXLAN
a. Configuring a VXLAN on a VSI
b. Configuring a VXLAN tunnel
c. Manually assigning VXLAN tunnels to a VXLAN
d. Assigning customer frames to a VSI
For more information about VXLAN configuration, see VXLAN Configuration Guide.
2. Configuring IGMP and IGMP snooping
a. Enabling IGMP on a VSI interface on a border device
b. Enabling IGMP snooping on a VSI on a border device or VTEP
For more information about IGMP and IGMP snooping configuration, see IP Multicast
Configuration Guide.
3. Configuring a VPN instance
a. Creating a VPN instance
b. Associating a VSI interface with a multicast source-facing interface on a border device
For more information about VPN instance configuration, see MPLS L3VPN configuration in
MPLS Configuration Guide.
4. Configuring MVXLAN
a. Enabling IP multicast routing for a VPN instance
b. Creating an MVXLAN
c. Configuring a VSI interface as a distributed designated router interface
You must perform this task on a VTEP if the VTEP acts as a distributed VXLAN IP
gateway.

Enabling IP multicast routing for a VPN instance

1. Enter system view.
system-view
2. Enable IP multicast routing for a VPN instance and enter MRIB view.
multicast routing vpn-instance instance-name
By default, IP multicast routing is disabled for VPN instances.

13
 For more information about this command, see multicast routing and forwarding commands in
IP Multicast Command Reference.

Creating an MVXLAN
About this task
You can create one or multiple ingress replication MV XLA Ns on a VTEP to provide services for
different VPN instances and the public instance.
Creating an MVXLAN for a VPN instance
1. Enter system view.
system-view
2. Create an ingress replication MVXLAN and enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode
ingress-replication
3. Create the MVXLAN IPv4 address family and enter its view.
address-family ipv4
Creating an MVXLAN for the public instance
1. Enter system view.
system-view
2. Create an ingress replication MVXLAN and enter MVXLAN view.
multicast-vpn vxlan public-instance mode ingress-replication
3. Create the MVXLAN IPv4 address family and enter its view.
address-family ipv4

Configuring a VSI interface as a distributed

designated router interface
About this task
On the V TEPs configured with MV XLA N, you must specify the VSI interfaces that act as distributed
EVPN gateways as distributed designated router interfaces. This operation ensures that a
distributed EVPN gateway can forward multicast traffic to the local site.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface interface-number
3. Configure the VSI interface as a distributed designated router interface.
pim distributed-dr
By default, a VSI interface is not a distributed designated router interface.
For more information about this command, see PIM commands in IP Multicast Command
Reference.

14
Ingress replication MVXLAN configuration
examples
Example: Configuring an ingress replication MVXLAN
Network configuration
As shown in Figure 9, the border device is attached to a multicast source in VPN A. Configure an
ingress replication MV XLA N to forward the multicast traffic from the s ource to the receivers, and
configure VTEP 1 as a centralized VXLAN IP gateway.
Figure 9 Network diagram

Loop0
2.2.2.2/32 Source 1
VPN A
Border Vlan-int30

Vlan-int10 Vlan-int20
10.1.1.2/24 20.1.1.2/24

Vlan-int10
Vlan-int20
10.1.1.1/24
20.1.1.3/24
VTEP 1 Vlan-int30 Vlan-int30 VTEP 2
30.1.1.1/24 30.1.1.3/24

WGE1/0/1 WGE1/0/2 WGE1/0/1 WGE1/0/2

VPN A
VPN A

Receiver 1 Receiver 2 Receiver 3 Receiver 4

VXLAN 10 VXLAN 10 VXLAN 10 VXLAN 10

Procedure
1. Set the hardware resource modes of Switch A, Switch B, and Switch C. This step uses Switch
A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 9. (Details not shown.)

15
 # Configure OSPF on the border device and VTEPs for them to reach one another. (Details not
shown.)
3. Configure the border device:
# Enable L2VPN and IGMP snooping.
<Border> system-view
[Border] l2vpn enable
[Border] igmp-snooping
[Border-igmp-snooping] quit
# Set up VXLAN tunnels to the VTEPs.
[Border] interface tunnel 1 mode vxlan
[Border-Tunnel1] source 2.2.2.2
[Border-Tunnel1] destination 1.1.1.1
[Border-Tunnel1] quit
[Border] interface tunnel 2 mode vxlan
[Border-Tunnel2] source 2.2.2.2
[Border-Tunnel2] destination 3.3.3.3
[Border-Tunnel2] quit
# Create VSI vpna and VXLAN 10, and enable IGMP snooping on VSI vpna.
[Border] vsi vpna
[Border-vsi-vpna] igmp-snooping enable
[Border-vsi-vpna] vxlan 10
# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.
[Border-vsi-vpna-vxlan-10] tunnel 1
[Border-vsi-vpna-vxlan-10] tunnel 2
[Border-vsi-vpna-vxlan-10] quit
[Border-vsi-vpna] quit
# Create VPN instance vpna.
[Border] ip vpn-instance vpna
[Border-vpn-instance-vpna] quit

# Enable IP multicast routing.

[Border] multicast routing vpn-instance vpna
[Border-mrib] quit
# Configure VSI-interface 1, associate it with VPN instance vpna, and enable IGMP on it.
[Border] interface vsi-interface 1
[Border-Vsi-interface] ip binding vpn-instance vpna
[Border-Vsi-interface] ip address 100.1.1.2 255.255.255.0
[Border-Vsi-interface] igmp enable
[Border-Vsi-interface] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[Border] vsi vpna
[Border-vsi-vpna] gateway vsi-interface 1
[Border-vsi-vpna] quit
# Associate multicast source-facing interface VLAN-interface 30 with VPN instance vpna, and
enable PIM SM on VLAN-interface 30.
[Border] interface vlan-interface 30
[Border-Vlan-interface30] ip binding vpn-instance vpna
[Border-Vlan-interface30] ip address 100.2.2.2 255.255.255.0
[Border-Vlan-interface30] pim sm

16
 [Border-Vlan-interface30] quit
# Create an ingress replication MVXLAN, and create the MVXLAN IPv4 address family and
enter its view.
[Border] multicast-vpn vxlan vpn-instance vpna mode ingress-replication
[Border-mvxlan-vpna] address-family ipv4
4. Configure VTEP 1:
# Enable L2VPN and IGMP snooping.
<VTEP1> system-view
[VTEP1] l2vpn enable
[VTEP1] igmp-snooping
[VTEP1-igmp-snooping] quit

# Set up a VXLAN tunnel to the border device.

[VTEP1] interface tunnel 2 mode vxlan
[VTEP1-Tunnel2] source 1.1.1.1
[VTEP1-Tunnel2] destination 2.2.2.2
[VTEP1-Tunnel2] quit
# Create VSI vpna and VXLAN 10, and enable IGMP snooping on VSI vpna.
[VTEP1] vsi vpna
[VTEP1-vsi-vpna] igmp-snooping enable
[VTEP1-vsi-vpna] vxlan 10

# Assign Tunnel 2 to VXLAN 10.

[VTEP1-vsi-vpna-vxlan-10] tunnel 2
[VTEP1-vsi-vpna-vxlan-10] quit
[VTEP1-vsi-vpna] quit
# On Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2, create Ethernet service instance
1000 to match VLAN 2 and map Ethernet service instance 1000 to VSI vpna.
[VTEP1] interface twenty-fivegige 1/0/1
[VTEP1-Twenty-FiveGigE1/0/1] service-instance 1000
[VTEP1-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
[VTEP1-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[VTEP1-Twenty-FiveGigE1/0/1-srv1000] quit
[VTEP1-Twenty-FiveGigE1/0/1] quit
[VTEP1] interface twenty-fivegige 1/0/2
[VTEP1-Twenty-FiveGigE1/0/2] service-instance 1000
[VTEP1-Twenty-FiveGigE1/0/2-srv1000] encapsulation s-vid 2
[VTEP1-Twenty-FiveGigE1/0/2-srv1000] xconnect vsi vpna
[VTEP1-Twenty-FiveGigE1/0/2-srv1000] quit
[VTEP1-Twenty-FiveGigE1/0/2] quit
5. Configuring VTEP 2:
# Enable L2VPN and IGMP snooping.
<VTEP2> system-view
[VTEP2] l2vpn enable
[VTEP2] igmp-snooping
[VTEP2-igmp-snooping] quit
# Set up a VXLAN tunnel to the border device.
[VTEP2] interface tunnel 2 mode vxlan
[VTEP2-Tunnel2] source 3.3.3.3
[VTEP2-Tunnel2] destination 2.2.2.2

17
 [VTEP2-Tunnel2] quit
# Create VSI vpna and VXLAN 10, and enable IGMP snooping on VSI vpna.
[VTEP2] vsi vpna
[VTEP2-vsi-vpna] igmp-snooping enable
[VTEP2-vsi-vpna] vxlan 10
# Assign Tunnel 2 to VXLAN 10.
[VTEP2-vsi-vpna-vxlan-10] tunnel 2
[VTEP2-vsi-vpna-vxlan-10] quit
[VTEP2-vsi-vpna] quit
# On Twenty-FiveGigE 1/0/1 and Twenty-FiveGigE 1/0/2, create Ethernet service instance
1000 to match VLAN 2 and map Ethernet service instance 1000 to VSI vpna.
[VTEP2] interface twenty-fivegige 1/0/1
[VTEP2-Twenty-FiveGigE1/0/1] service-instance 1000
[VTEP2-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
[VTEP2-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[VTEP2-Twenty-FiveGigE1/0/1-srv1000] quit
[VTEP2-Twenty-FiveGigE1/0/1] quit
[VTEP2] interface twenty-fivegige 1/0/2
[VTEP2-Twenty-FiveGigE1/0/2] service-instance 1000
[VTEP2-Twenty-FiveGigE1/0/2-srv1000] encapsulation s-vid 2
[VTEP2-Twenty-FiveGigE1/0/2-srv1000] xconnect vsi vpna
[VTEP2-Twenty-FiveGigE1/0/2-srv1000] quit
[VTEP2-Twenty-FiveGigE1/0/2] quit

Verifying the configuration

1. Verify the MVXLAN settings on the border device:
# Verify that the VXLAN tunnel interfaces are up on the border device.
[Border] display interface tunnel 1
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that VSI-interface 1 is up.
[Border] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby

18
 Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
# Verify that the border device has multicast routing entries.
[Border] display pim vpn-instance vpna routing-table
Total 17 (*, G) entries; 18 (S, G) entries
(10.1.2.99, 225.0.1.1)
RP: 10.1.2.88 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT 2MVPN
UpTime: 21:24:27
Upstream interface: Vlan-interface30
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 07:08:26, Expires: -
2. Verify the MVXLAN settings on VTEP 1:
# Verify that the interfaces that host ACs are member ports.
[VTEP1] display igmp-snooping group
Total 1 entries.
VSI vpna: Total 1 entries.
(0.0.0.0, 225.0.1.1)
Host ports (1 in total):
WGE1/0/1 (Link ID 0) (00:04:20)
WGE1/0/2 (Link ID 1) (00:04:20)
# Verify that Tunnel 2 is a router port.
[VTEP1] display igmp-snooping router-port
VSI vpna:
Router ports (1 in total):
Tun2 (VXLAN ID 10) (00:03:23)
3. Verify that the multicast receivers can receive the multicast traffic sent by the multicast source.
(Details not shown.)

19
Configuring MDT-based MVXLAN
MDT-based MVXLAN tasks at a glance
To configure MDT-based MVXLAN, perform the following tasks:
1. Configuring EVPN
a. Configuring a VXLAN on a VSI
b. Mapping ACs to a VSI
c. Configuring an EVPN instance
d. Configuring BGP to advertise BGP EVPN routes
e. Configuring a distributed EVPN gateway
For more information about EVPN configuration, see "Configuring EVPN."
2. Configuring IGMP and IGMP snooping
a. Enabling IGMP on a VSI interface
b. Enabling IGMP proxying on a VSI interface
c. Enabling IGMP snooping
d. Configuring IGMP snooping proxying
For more information about IGMP and IGMP snooping configuration, see IP Multicast
Configuration Guide.
3. Configuring PIM on the transport-facing interfaces of VTEPs
Choose one of the following tasks:
 Configuring PIM-SM
 Configuring PIM-SSM
For more information about PIM configuration, see IP Multicast Configuration Guide.
4. Configuring MVXLAN
a. Enabling IP multicast routing for a VPN instance
b. Creating an MVXLAN
c. Configuring a default group
d. Specifying the MVXLAN source interface
e. Configuring MDT switchover parameters
f. Configuring a VSI interface as a distributed designated router interface
g. (Optional.) Configuring an MVXLAN extranet RPF selection policy
h. (Optional.) Configuring M-LAG in MVXLAN
i. (Optional.) Configuring DCI Layer 3 multicast
j. (Optional.) Configuring an ED group for DCI Layer 3 multicast

Restrictions: IGMP proxying configuration

When you configure IGMP proxying for an MDT-based MVXLAN, follow these restrictions and
guidelines:
• You must enable IGMP proxying on all VTEPs and EDs. Do not enable IGMP proxying on only
some of the VTEPs or EDs in the MVXLAN.
• IGMPv1 is not supported.

20
 • If multicast receivers send IGMP membership reports that carry (*, G) information, make sure
all multicast sources that send traffic to the related multicast group are attached to the same
VTEP. This restriction frequents frequent changes of outgoing interfaces in multicast
forwarding entries from affecting traffic forwarding.

Enabling IP multicast routing for a VPN instance

1. Enter system view.
system-view
2. Enable IP multicast routing for a VPN instance and enter MRIB view.
IPv4:
multicast routing vpn-instance instance-name
IPv6:
ipv6 multicast routing vpn-instance instance-name
By default, IP multicast routing is disabled for VPN instances.
For more information about the commands, see multicast routing and forwarding commands
and IPv6 multicast routing and forwarding commands in IP Multicast Command Reference.

Creating an MVXLAN
About this task
You can create one or multiple MDT-based MV XLA Ns on a VTEP to provide services for different
VPN instances and the public instance.
Restrictions and guidelines
If a multicast source is attached to one V TEP or border device and the multicast receivers are
attached to another V TEP or border devic e, MVXLAN cannot forward multicast traffic in the public
instance.
Creating an MVXLAN for a VPN instance
1. Enter system view.
system-view
2. Create an MDT-based MVXLAN and enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
Creating an MVXLAN for the public instance
1. Enter system view.
system-view
2. Create an MDT-based MVXLAN and enter MVXLAN view.
multicast-vpn vxlan public-instance mode mdt

Configuring a default group

About this task
When adding V XLAN encapsulation to privat e multicast packets, the VTEP uses the default group
as the destination IP address in the outer IP header.

21
Restrictions and guidelines
The default group address of an MV XLAN must be unique among MV XLA Ns , and it cannot be the
same as a data group address of any MVXLAN.
For an MV XLAN that transmits both IP v4 and IP v6 multicast packets, you must specify the same
default group in MV XLA N IP v4 address family view and IP v6 address family view, and the dat a
group ranges in the two views cannot overlap.
Procedure
1. Enter system view.
system-view
2. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
3. Create the MVXLAN IPv4 or IPv6 address family and enter its view.
IPv4:
address-family ipv4
IPv6:
address-family ipv6
4. Configure the default group.
default-group group-address
By default, no default group exists.

Specifying the MVXLAN source interface

About this task
When adding V XLA N encapsulation to private multicast packets, the V TEP uses the IP address of
the MVXLAN source interface as the source IP address in the outer IP header.
Restrictions and guidelines
You must configure the same MVXLAN source interface for all MVXLAN instances on the device.
For the V TEP to obtain correct routing information, you must specify the interface used for
establishing BGP peer relationships as the MVXLAN source interface.
Procedure
1. Enter system view.
system-view
2. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
3. Enter MVXLAN IPv4 or IPv6 address family view.
IPv4:
address-family ipv4
IPv6:
address-family ipv6
4. Specify the MVXLAN source interface.
source interface-type interface-number
By default, no MVXLAN source interface is specified.

22
Configuring MDT switchover parameters
About this task
To avoid frequent switching of multicast traffic between the default MDT and a data MDT, set the
data-delay period. The data-delay period enables the device to perform MDT switchover after a
delay.
Restrictions and guidelines
On a V TEP, the data group range of an MV XLAN cannot include the default group or dat a groups of
any other MVXLAN.
For an MV XLAN that transmits both IP v4 and IP v6 multicast packets, you must specify the same
default group in MV XLA N IP v4 address family view and IP v6 address family view, and the dat a
group ranges in the two views cannot overlap.
All VPN instances share the data group res ourc es. As a best practice to avoid data group resourc e
exhaustion, specify a reasonable data group range for a VPN instance.
Procedure
1. Enter system view.
system-view
2. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
3. Enter MVXLAN IPv4 or IPv6 address family view.
IPv4:
address-family ipv4
IPv6:
address-family ipv6
4. Configure the data group range and the switchover criteria.
data-group group-address { mask-length | mask } [ acl acl-number |
name acl-name ]
By default, no data group range exists, and the default MDT to data MDT switchover never
occurs.
5. Set the data-delay period.
data-delay delay
By default, the data-delay period is 3 seconds.

Configuring a VSI interface as a distributed

designated router interface
About this task
On the V TEPs configured with MV XLA N, you must specify the VSI interfaces that act as distributed
EVPN gateways as distributed designated router interfaces. This operation ensures that a
distributed EVPN gateway can forward multicast traffic to the local site.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.

23
 interface vsi-interface interface-number
3. Configure the VSI interface as a distributed designated router interface.
pim distributed-dr
A VSI instance is not a distributed designated router interface.
For more information about this command, see PIM commands in IP Multicast Command
Reference.

Configuring an MVXLAN extranet RPF selection

policy
About this task
MVXLAN extranet RPF routing policies are used for multicast transmission when multicast sources
and receivers are located in different VPNs.
MVXLAN extranet RPF selection policies identify the multicast traffic to forward between VPN
instances based on the L3 VXLAN ID or VPN instance of traffic.
• L3 VXLAN ID-based RPF selection policy—A policy of this kind specifies the L3 VXLAN ID
of the VPN instance where a multicast source resides, a multicast source address, and a
multicast group address.
A multicast source-side VTEP matches the L3 VXLAN ID, multicast source address, and
multicast group address in multicast packets with RPF selection policies. If a match is found,
the VTEP forwards the packets to the receiver VPN instance.
With RPF selection policies configured, a multicast receiver-side VTEP forwards multicast
traffic as follows:
a. Removes the VXLAN header added by the multicast source-side VTEP from received
multicast packets. The VXLAN header includes the L3 VXLAN ID of the source VPN
instance.
b. Matches the L3 VXLAN ID, multicast source address, and multicast group address of the
packets with RPF selection policies.
c. Forwards the packets in the receiver VPN instance if a match is found.
• VPN instance-based RPF selection policy—A policy of this kind specifies the VPN instance
where a multicast source resides, a multicast source address, and a multicast group address.
A multicast source-side VTEP matches the VPN instance, multicast source address, and
multicast group address in multicast packets with RPF selection policies. If a match is found,
the VTEP forwards the packets to the receiver VPN instance.
With RPF selection policies configured, a multicast receiver-side VTEP forwards multicast
traffic as follows:
d. Removes the VXLAN header added by the multicast source-side VTEP from received
multicast packets. The VXLAN header includes the L3 VXLAN ID of the source VPN
instance.
e. Matches the VPN instance, multicast source address, and multicast group address of the
packets with RPF selection policies.
f. Forwards the packets in the receiver VPN instance if a match is found.
You can use RPF selection policies on the following networks:
• Asymmetrically configured extranet—The source VPN instance is not configured on the
multicast receiver-side VTEP.
 On the multicast source-side VTEP, you can configure either L3 VXLAN ID-based or VPN
instance-based RPF selection policies.

24
  On the multicast receiver-side VTEP, you can configure only L3 VXLAN ID-based RPF
selection policies.
• Symmetrically configured extranet—The source VPN instance is configured on the
multicast receiver-side VTEP. You can configure either L3 VXLAN ID-based or VPN
instance-based RPF selection policies on the multicast source-side and receiver-side VTEPs.
If s ome of the multicast rec eivers reside on the public net work, specify only the multicast sourc e
address and multicast group address in the related RPF selection policies. On the multicast
receiver-side V TEP, perform the following tasks for the V TEP to forward multicast traffic in both the
receiver VPN instance and the public network:
2. Assign an L3 VXLAN ID to the public instance.
3. Configure an RPF selection policy that does not include an L3 V XLA N ID or VPN instance for
the receiver VPN instance.
Restrictions and guidelines
MV XLA N does not support redirecting the public multicast traffic received by a VS I interfac e to
receiver VPNs based on an L3 VXLAN ID-based RPF selection policy.
The P IM mode in the source VPN instance and the receiver VPN instance must be t he same. Only
PIM-SM and PIM-SSM are supported.
When you use PIM-SM, use one of the following schemes as a best practice:
• Specifying only the multicast source address—Configure two RPF selection policies as
follows:
 In one policy, configure the multicast source address as the RP address of the multicast
group that requires inter-VPN transmission.
 In the other policy, specify the multicast source address of the source VPN instance.
If multiple multicast groups require inter-VPN transmission, configure a dedicated RP for the
multicast groups and specify the multicast source address as the RP address in RPF selection
policies.
• Specifying only the multicast group address—Configure one RPF selection policy that
specifies the multicast group address of the source VPN instance.
When you use PIM-SSM, configure one RPF selection policy that contains both the multicast
source address and multicast group address as a best practice.
Multicast packets can only be forwarded between two VPNs. The receiver VPN instance cannot
also be the source VPN instance.
You cannot specify both an L3 VXLAN ID and an MPLS L3VPN instance for a multicast source
address and multicast group address pair.
• In PIM-SM mode, you can configure one RPF selection policy that specifies an L3 VXLAN ID
or VPN instance for a multicast group address.
• In PIM-SSM mode, you can configure one RPF selection policy that specifies an L3 VXLAN ID
or VPN instance for a multicast source address and multicast group address pair.
For a receiver VPN instance, you must configure the same types of RPF selection policies for all
multicast traffic from the same source VPN instance.
If an IP v4 or IP v6 MVPN extranet RPF selection policy with only the multicast group address
specified is configured in the receiver VPN instance, the multicast traffic for the intra-VP N
transmission will be interrupted.
Multicast source addresses in different MV XLA N extranet RPF routing policies cannot be the same,
but they can overlap. The same restriction applies to the multicast group addresses in different
MV XLA N extranet RPF routing policies. If multiple routing policies exist for an (S, G) entry, the
devic e selects the policy in which the multicast group address has the longest mask. If multiple
policies have the same mask length, the devic e selects the policy in which the multicast source
address has the longest mask.

25
Configuring an IPv4 MVXLAN extranet RPF selection policy
1. Enter system view.
system-view
2. Enter MRIB view.
multicast routing [ vpn-instance vpn-instance-name ]
3. Configure an IPv4 MVXLAN extranet RPF selection policy.
multicast extranet select-rpf [ l3-vni vxlan-id | vpn-instance
vpn-instance-name ] { source source-address { mask | mask-length } |
group group-address { mask | mask-length } } *
Configuring an IPv6 MVXLAN extranet RPF selection policy
1. Enter system view.
system-view
2. Enter IPv6 MRIB view.
ipv6 multicast routing [ vpn-instance vpn-instance-name ]
3. Configure an IPv6 MVXLAN extranet RPF selection policy.
ipv6 multicast extranet select-rpf [ l3-vni vxlan-id | vpn-instance
vpn-instance-name ] { group group-address prefix-length | source
source-address prefix-length } *

Configuring M-LAG in MVXLAN

About this task
For two V TEPs or border devic es to be identified as one device, you must assign the same IP
address to the MV XLA N source interfaces on them and specify that IP address as the virtual V TEP
address. The devices use the virtual V TEP address as the multicast source address to set up
MVXLAN tunnels with other devices.
Restrictions and guidelines
For M-LAG in MVXLAN to take effect, you must enable both Layer 2 and Layer 3 multicast.
To use M-LAG in MVXLAN, follow these restrictions:
• All ACs must be dualhomed to the M-LAG member devices. Singlehomed ACs are not
supported.
• The peer link can only be an Ethernet aggregate link.
• You cannot use M-LAG to aggregate the links between two V TEPs or bet ween a V TEP and a
border device.
You can use only PIM SM on an M-LAG system. The M-LAG member devices load share multicast
traffic based on the multicast destination address. They do not support load sharing based on the
multicast source address.
Follow these interface restrictions when you configure M-LAG in MVXLAN:
• Use Layer 3 interfaces of the M-LAG member devices to connect to the transport-facing
interfaces of peer border devices or VTEPs. If you use one VLAN interface on each M-LAG
member device, make sure the VLAN interface numbers are different.
• If you use a VLAN interface as a public network interface on one M-LAG member device, do
not create a VLAN for the VLAN interface on the other M-LAG member device or configure the
peer link to transmit traffic of the VLAN. Violation of this restriction causes traffic forwarding
failure.

26
 If t he peer link fails, each M-LAG member devic e sets its MVXLAN tunnel source address to the
local M-LAG member device address and forwards multicast traffic only through the default group.
Instead of load sharing multicast traffic, each M-LA G member device forwards all received multicast
traffic. When the peer link recovers, the M -LAG member devices set the MV XLA N tunnel sourc e
addresses to the virtual V TEP address. They are able t o perform switchover to data groups and
load share multicast traffic.
If you configure both M-LAG in MVXLAN and M-LAG in EVPN or EVPN-DCI, follow these
restrictions and guidelines:
• In addition to M-LAG in MVXLAN configuration, you must also execute the evpn m-lag
group command to specify the MVXLAN source interface address as the virtual VTEP
address.
• For an MVXLAN, the following settings are in descending order of priority:
 The m-lag local setting in MVXLAN address family view. This setting takes effect on a
per-MVXLAN basis.
 The multicast-vpn vxlan m-lag local setting in system view. This setting takes
effect on al MVXLANs.
 The evpn m-lag local setting in system view. This setting takes effect on al MVXLANs.
Procedure
1. Enter system view.
system-view
2. Globally specify the IP addresses of the member devices in an M-LAG system.
multicast-vpn vxlan m-lag local local-ipv4-address remote
remote-ipv4-address
By default, the IP addresses of the member devices in an M-LAG system are not specified
globally.
3. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
4. Enter MVXLAN IPv4 or IPv6 address family view.
IPv4:
address-family ipv4
IPv6:
address-family ipv6
5. Specify the IP addresses of the member devices in the M-LAG system.
m-lag local local-ipv4-address remote remote-ipv4-address
By default, the IP addresses of the member devices in an M-LAG system are not specified.
6. Specify an MVXLAN source interface to provide the virtual VTEP address.
source interface-type interface-number evpn-m-lag-group
By default, no MVXLAN source interface is specified.

Configuring DCI Layer 3 multicast

About this task
When the multicast source and multicast receivers reside in different data cent ers, configure bot h
MDT-based MV XLA N and DCI Layer 3 multicast for multicast traffic to be transmitted between the
data centers.

27
Restrictions and guidelines
Do not attach a multicast source or multicast receiver to an ED.
Multicast source migration is not supported in the same data center or across data centers.
If you use dynamic VXLAN-DCI tunnels, execute the dci enable command on the Layer 3
interfaces that interconnect the EDs. This restriction does not apply to static VXLAN-DCI tunnels.
If you use intermediat e L3 V XLAN ID mapping, make sure the route targets of different intermediat e
VPN instances do not overlap. For example, the export route t argets of one intermediate VP N
instance cannot overlap with the import route targets of another intermediate VPN instance.
To use DCI Layer 3 multicast, you must configure routing policies on eac h ED to disable it from
sending any EDs the S-PMSI A-D and SMET routes received from other local or remote EDs.

Configuring an ED
1. Enter system view.
system-view
2. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
3. Enter MVXLAN IPv4 address family view.
address-family ipv4
4. Enable DCI multicast.
dci enable
By default, DCI multicast is disabled.
5. (Optional.) Configure the device to modify the information in received BGP EVPN routes.
a. Execute the following commands in sequence to return to system view.
quit
quit
b. Enter BGP instance view.
bgp as-number [ instance instance-name ]
c. Enter BGP EVPN address family view.
address-family l2vpn evpn
d. Configure the device to modify the information in received BGP EVPN routes.
peer { group-name | ipv4-address [ mask-length ] } re-originated
[ smet | s-pmsi ] [ replace-rt ]
By default, the device does not modify the BGP EVPN routes that are received from peers
or peer groups.
Execute this command if a VPN instance uses different L3 VXLAN IDs at two data centers.
For more information about this command, see EVPN Command Reference.

Configuring a VTEP
Restrictions and guidelines
If you execute both the s-pmsi advertise source-active and data-group commands,
set the data-delay period to be longer than t he frequency of sending the same route update t o a
peer or peer group. If you fail to do so, BGP might suppress advertisement of the S-PMS I routes for
the data group, and traffic will be interrupted during the switchover from the default MDT to the data

28
 MDT. To set the data-delay period, use the data-delay command. To set the frequency of
sending the same route update to a peer or peer group, use the peer
route-update-interval command.
Procedure
1. Enter system view.
system-view
2. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
3. Enter MVXLAN IPv4 address family view.
address-family ipv4
4. Enable the device to advertise active multicast sources through S-PMSI routes.
s-pmsi advertise source-active
By default, the device does not advertise active multicast sources through S-PMSI routes.
This command enables the VTEP to advertise an S-PMSI route for a (S, G) entry after it
receives multicast traffic for the entry. The S-PMSI routes carry information about active
multicast sources and allow other VTEPs and EDs in the MVXLAN network to be aware of
multicast source location changes.

Configuring an ED group for DCI Layer 3

multicast
About this task
Perform this task to deploy an ED group that contains multiple EDs in a data center to avoid
single-point of failure for DCI Layer 3 multicast.
If one of the redundant EDs fails at a multihomed site with DCI Layer 3 multicast configured, traffic
of the failed E D is distributed to the other E Ds for forwarding. After the failed E D recovers, it will
advertise BGP EVPN routes to create multicast forwarding entries. If traffic is switched back before
the recovered ED creates multicast forwarding entries, traffic forwarding is interrupted. To avoid
traffic interruption, set the traffic switchback delay on all the redundant EDs.
Restrictions and guidelines
To avoid multicast traffic forwarding failures, each VTEP must establish VXLA N tunnels to the real
IP addresses of all EDs in the same data center. You must manually establish these tunnels or use
the vxlan default-decapsulation command to enable default IP v4 V XLA N decapsulation
on the VTEPs.
Make sure all EDs in the same data center have BGP routes to reac h each other. In addition, do not
configure BGP route reorigination on the EDs.
Make sure that the EDs at the same data center do not send S-PMS I A-D or SME T routes to one
another. If the EDs might send BGP routes, configure routing policies on each E D to disable it from
sending other local EDs the S-PMSI A-D and SMET routes received from BGP peers.
You can set the traffic switchback delay in system view and MV XLAN address family view. The
global traffic switchback delay takes effect on all MV XLANs, and the traffic switchback delay set in
MV XLA N address family view takes effect on a per-MV XLA N basis. For an MV XLAN, the
MVXLAN-specific traffic switchback delay takes precedence over the global one.
Prerequisites
Complete DCI Layer 3 multicast settings. For more information, see " Configuring DCI Layer 3
multicast."

29
Procedure
1. Enter system view.
system-view
2. Specify a virtual ED address.
evpn edge group group-ipv4
By default, no virtual ED address is configured.
For more information about this command, see EVPN Command Reference.
3. Specify a peer ED for ED redundancy in the same data center for Layer 3 multicast in DCI
multihoming scenarios.
multicast-vpn vxlan edge remote remote-ipv4-address
By default, no peer ED is specified for ED redundancy in the same data center for Layer 3
multicast in DCI multihoming scenarios.
4. Set the global traffic switchback delay.
multicast-vpn vxlan dci switch-delay delay-time
By default, the global traffic switchback delay is 10 seconds.
5. Enter MVXLAN view.
multicast-vpn vxlan vpn-instance instance-name mode mdt
6. Enter MVXLAN IPv4 address family view.
address-family ipv4
7. Set the MVXLAN-specific traffic switchback delay.
dci switch-delay delay-time
By default, the global traffic switchback delay set by using the multicast-vpn vxlan dci
switch-delay command takes effect.

Display and maintenance commands for

MDT-based MVXLAN
Execute display commands in any view.

Task Command

display multicast-vpn vxlan { vpn-instance

instance-name | public-instance } data-group
receive [ brief | [ active | group group-address
Display received IPv4 data group
information in an MVXLAN. | sender source-address | vpn-source-address
[ mask { mask-length | mask } ] |
vpn-group-address [ mask { mask-length |
mask } ] ] * ]
display multicast-vpn vxlan { vpn-instance
instance-name | public-instance } data-group
Display sent IPv4 data group send [ group group-address | vpn-source-address
information in an MVXLAN. [ mask { mask-length | mask } ] |
vpn-group-address [ mask { mask-length |
mask } ] ] *
display multicast-vpn vxlan [ vpn-instance
Display information about IPv4
default groups. instance-name | public-instance ]
default-group { local | remote }

30
 Task Command

display multicast-vpn vxlan vpn-instance

instance-name ipv6 data-group receive [ brief |
Display received IPv6 data group [ active | group group-address | sender
information in an MVXLAN. source-address | vpn-source-address
[ prefix-length ] | vpn-group-address
[ prefix-length ] ] * ]
display multicast-vpn vxlan vpn-instance
instance-name ipv6 data-group send [ group
Display sent IPv6 data group
information in an MVXLAN.
group-address | vpn-source-address
[ prefix-length ] | vpn-group-address
[ prefix-length ] ] *
display multicast-vpn vxlan [ vpn-instance
Display information about IPv6
default groups.
instance-name ] ipv6 default-group { local |
remote }

MDT-based MVXLAN configuration examples

Example: Configuring intra-VPN MVXLAN Layer 3 multicast
forwarding (IPv4 site network)
Network configuration
As shown in Figure 10, VM 1 is the multicast source of multicast group 225.0.0.0, and the other
VMs are multicast receivers. Configure MV XLAN to forward the multicast traffic from t he source to
the receivers.
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to extend VLAN 2 and VLAN 3
across the sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
• Configure PIM-SM on the transport-facing interfaces of Switches A through D. Configure IGMP
snooping on Switches A through C for multicast forwarding entry creation.

31
 Figure 10 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport Vlan-int12
VSI-int1 netw ork 12.1.1.4/24
10.1.1.1/24
VSI-int2 VSI-int1
10.1.2.1/24 10.1.1.1/24 Vlan-int13
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 10.1.2.1/24 Loop0
12.1.1.2/24
Sw itch C
1.1.1.1/32 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 10.1.1.20 10.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify
10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 10. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping

32
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create VLAN-interface 11 and enter its view.
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# Enable PIM-SM on VLAN-interface 11.
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# Create VLAN 2.
[SwitchA] vlan 2

33
[SwitchA-vlan2] quit
# Create VLAN 3.
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit

# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2

34
 [SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing

35
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create VLAN-interface 12 and enter its view.
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# Enable PIM-SM on VLAN-interface 12.
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit

36
[SwitchB-bgp-default] quit
# Create VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# Create VLAN 3.
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure Twenty-FiveGigE 1/0/2 as a trunk port and assign it to VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 1:1
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit

# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit

37
 # Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
6. Configure Switch C:
# Enable L2VPN and IP multicast routing.

38
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create VLAN-interface 13 and enter its view.
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# Enable PIM-SM on VLAN-interface 13.
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# Enable IP multicast routing on VPN instance vpna.
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit

39
 [SwitchC-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# Configure a default route. Specify the next hop as 20.1.1.100, the IP address of a device in
the Layer 3 network.
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of VPN instance vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# Create VLAN 20 and enter its view.
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# Associate WAN-facing interface VLAN-interface 20 with VPN instance vpna.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
7. Configure Switch D:
# Enable IP multicast routing.
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enter PIM view, and configure Loopback 0 as a candidate-BSR and candidate-RP in the
public network.
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# Enable PIM-SM on VLAN-interface 11.
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm

40
 [SwitchD-Vlan-interface11] quit
# Enable PIM-SM on VLAN-interface 12.
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit

# Enable PIM-SM on VLAN-interface 13.

[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# Establish BGP connections with other transport network switches.
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering of received
BGP EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A:
# Verify that Switch A has multicast routing entries for VPN instance vpna.
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08

41
 Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
2. Verify the multicast routing information on Switch B:
# Verify that Switch B has multicast routing entries for VPN instance vpna.
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 05:04:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1

42
 Protocol: igmp, UpTime: 05:04:06, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FROMVXLAN
UpTime: 01:57:12
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 01:57:12, Expires: -
# Verify that Switch B has multicast routing entries for the public network.
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:59:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:59:46, Expires: -

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -

Example: Configuring intra-VPN MVXLAN Layer 3 multicast

forwarding (IPv6 site network)
Network configuration
As shown in Figure 10, VM 1 is the multicast source of multicast group FF1E::, and the other VMs
are multicast receivers. Configure MV XLA N to forward the multicast traffic from the source to the
receivers.

43
 • Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to extend VLAN 2 and VLAN 3
across the sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
• Configure PIM-SM on the transport-facing interfaces of Switches A through D. Configure MLD
snooping on Switches A through C for multicast forwarding entry creation.
Figure 11 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport
VSI-int1
netw ork Vlan-int12
12.1.1.4/24
10:1::1:1/96
VSI-int2 VSI-int1
10:1::2:1/96 Vlan-int13
10:1::1:1/96
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 10:1::2:1/96 Loop0
12.1.1.2/24
Sw itch C
1.1.1.1/32 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20:1::1:3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V L3 netw ork
M M M M
1 2 3 4

10:1::1:10 10:1::2:10 10:1::1:20 10:1::2:20

Server 1 Server 2 Server 3

Procedure
1. On VM 1 and VM 3, specify 10:1::1:1 as the gateway address. On VM 2 and VM 4, specify
10:1::2:1 as the gateway address. (Details not shown.)
2. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 10. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
3. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the MLD snooping feature.
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Disable remote MAC address learning and remote ND learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel nd-learning disable

# Create VLAN-interface 11 and enter its view.

44
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11

# Enable PIM-SM on VLAN-interface 11.

[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable MLD snooping and MLD snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] mld-snooping enable
[SwitchA-vsi-vpna] mld-snooping proxy enable

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Enable MLD snooping and MLD snooping proxying on VSI vpnb.
[SwitchA-vsi-vpnb] mld-snooping enable
[SwitchA-vsi-vpnb] mld-snooping proxy enable

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# Create VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Create VLAN 3.
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2 and VLAN 3.

45
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv6
[SwitchA-vpn-ipv6-vpna] vpn-target 1:1
[SwitchA-vpn-ipv6-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ipv6 address 10:1::1:1 96
[SwitchA-Vsi-interface1] ipv6 pim sm
[SwitchA-Vsi-interface1] ipv6 pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ipv6 address 10:1::2:1 96
[SwitchA-Vsi-interface2] mld enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3

46
 [SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] ipv6 pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchA] ipv6 multicast routing vpn-instance vpna
[SwitchA-mrib6-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv6 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv6
[SwitchA-mvxlan-vpna-ipv6] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv6] source loopback 0
[SwitchA-mvxlan-vpna-ipv6] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv6] quit
[SwitchA-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ipv6 address 12:12::12:12 128
[SwitchA-LoopBack1] ipv6 pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance IPv6 PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchA] ipv6 pim vpn-instance vpna
[SwitchA-pim6-vpna] c-bsr 12:12::12:12
[SwitchA-pim6-vpna] c-rp 12:12::12:12
[SwitchA-pim6-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
4. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the MLD snooping feature.
[SwitchB] mld-snooping
[SwitchB-mld-snooping] quit
# Disable remote MAC address learning and remote ND learning.
[SwitchB] vxlan tunnel mac-learning disable

47
[SwitchB] vxlan tunnel nd-learning disable
# Create VLAN-interface 12 and enter its view.
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# Enable PIM-SM on VLAN-interface 12.
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable MLD snooping and MLD snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] mld-snooping enable
[SwitchB-vsi-vpna] mld-snooping proxy enable

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Enable MLD snooping and MLD snooping proxying on VSI vpnb.
[SwitchB-vsi-vpnb] mld-snooping enable
[SwitchB-vsi-vpnb] mld-snooping proxy enable

# Create VXLAN 20.

[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Create VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# Create VLAN 3.
[SwitchB] vlan 3

48
[SwitchB-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure Twenty-FiveGigE 1/0/2 as a trunk port and assign it to VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv6
[SwitchB-vpn-ipv6-vpna] vpn-target 1:1
[SwitchB-vpn-ipv6-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ipv6 address 10:1::1:1 96
[SwitchB-Vsi-interface1] mld enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ipv6 address 10:1::2:1 96
[SwitchB-Vsi-interface2] mld enable
[SwitchB-Vsi-interface2] mac-address 2-2-2

49
 [SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] ipv6 pim sm
[SwitchB-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchB] ipv6 multicast routing vpn-instance vpna
[SwitchB-mrib6-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv6 address
family view. Configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv6
[SwitchB-mvxlan-vpna-ipv6] source loopback 0
[SwitchB-mvxlan-vpna-ipv6] quit
[SwitchB-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ipv6 address 12:12::12:12 128
[SwitchB-LoopBack1] ipv6 pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchB] ipv6 pim vpn-instance vpna
[SwitchB-pim6-vpna] c-bsr 12:12::12:12
[SwitchB-pim6-vpna] c-rp 12:12::12:12
[SwitchB-pim6-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
5. Configure Switch C:
# Enable L2VPN and IP multicast routing.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Disable remote MAC address learning and remote ND learning.
[SwitchC] vxlan tunnel mac-learning disable

50
[SwitchC] vxlan tunnel nd-learning disable
# Create VLAN-interface 13 and enter its view.
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# Enable PIM-SM on VLAN-interface 13.
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv6
[SwitchC-vpn-ipv6-vpna] vpn-target 1:1
[SwitchC-vpn-ipv6-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] ipv6 pim sm
[SwitchC-Vsi-interface3] quit
# Enable IP multicast routing on VPN instance vpna.
[SwitchC] ipv6 multicast routing vpn-instance vpna
[SwitchC-mrib6-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv6 address
family view. Configure the MVXLAN source interface.
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv6
[SwitchC-mvxlan-vpna-ipv6] source loopback 0
[SwitchC-mvxlan-vpna-ipv6] quit
[SwitchC-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ipv6 address 12:12::12:12 128
[SwitchC-LoopBack1] ipv6 pim sm

51
 [SwitchC-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchC] ipv6 pim vpn-instance vpna
[SwitchC-pim6-vpna] c-bsr 12:12::12:12
[SwitchC-pim6-vpna] c-rp 12:12::12:12
[SwitchC-pim6-vpna] quit
# Configure a default route. Specify the next hop as 20:1::1:100, the IP address of a device in
the Layer 3 network.
[SwitchC] ipv6 route-static vpn-instance vpna 0::0 20:1::1:100
# Import the default route to the BGP IPv6 unicast routing table of VPN instance vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv6 unicast
[SwitchC-bgp-default-ipv6-vpna] default-route imported
[SwitchC-bgp-default-ipv6-vpna] import-route static
[SwitchC-bgp-default-ipv6-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# Create VLAN 20 and enter its view.
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# Associate WAN-facing interface VLAN-interface 20 with VPN instance vpna.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ipv6 address 20:1::1:3 96
[SwitchC-Vlan-interface20] ipv6 pim sm
[SwitchC-Vlan-interface20] quit
6. Configure Switch D:
# Enable IP multicast routing.
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enter PIM view, and configure Loopback 0 as a candidate-BSR and candidate-RP in the
public network.
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit

# Enable PIM-SM on VLAN-interface 11.

[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit

# Enable PIM-SM on VLAN-interface 12.

[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit

# Enable PIM-SM on VLAN-interface 13.

52
 [SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# Establish BGP connections with other transport network switches.
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering of received
BGP EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A:
# Verify that Switch A has multicast routing entries for VPN instance vpna.
<SwitchA> display ipv6 pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, FF1E::1)
RP: 12:12::12:12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -

(10:1::1:10, FF1E::1)
RP: 12:12::12:12 (local)
Protocol: pim-sm, Flag: SPT LOC ACT SQ RC SRC-ACT 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -

53
 # Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
2. Verify the multicast routing information on Switch B:
# Verify that Switch B has multicast routing entries for VPN instance vpna.
<SwitchB> display ipv6 pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, FF1E::1)
RP: 12:12::12:12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 05:04:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: mld, UpTime: 05:04:06, Expires: -

(10:1::1:10, FF1E::1)
RP: 12:12::12::12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FROMVXLAN
UpTime: 01:57:12
Upstream interface: MVXLAN-UPE0 (::)

54
 Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 01:57:12, Expires: -
# Verify that Switch B has multicast routing entries for the public network.
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:59:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:59:46, Expires: -

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -

Example: Configuring MVXLAN extranet on the receiver

VPN instance for symmetrically configured extranet
Network configuration
As shown in Figure 12, VM 1 is the multicast source of multicast group 225.0.0.0, and the other
VMs are multicast receivers. VM 1, VM 2, and VM 3 belong to VPN instance vpna, and VM 4
belongs to VPN instance vpnb. VM 1 and VM 3 are in V XLAN 10, and VM 2 and VM 4 are in
VXLAN 20. Configure MVXLAN to forward the multicast traffic from the source to the receivers.
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to extend VLAN 2 and VLAN 3
across the sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

55
 • Configure PIM-SM on the transport-facing interfaces of Switches A through D. Configure IGMP
snooping on Switches A through C for multicast forwarding entry creation.
• Configure MVXLAN extranet to import the traffic of VPN instance vpna to VPN instance vpnb
based on the L3 VXLAN ID on Switch B.
Figure 12 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport Vlan-int12
VSI-int1 netw ork 12.1.1.4/24
10.1.1.1/24
VSI-int2 VSI-int1
10.1.2.1/24 10.1.1.1/24 Vlan-int13
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 10.1.2.1/24 Loop0
1.1.1.1/32 12.1.1.2/24 Sw itch C 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 10.1.1.20 10.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify

10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 12. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable

56
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create VLAN-interface 11 and enter its view.
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# Enable PIM-SM on VLAN-interface 11.
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

57
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# Create VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Create VLAN 3.
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2 and VLAN 3.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit

58
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2

59
 [SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create VLAN-interface 12 and enter its view.
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# Enable PIM-SM on VLAN-interface 12.
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit

60
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Create VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] quit

# Create VLAN 3.
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure Twenty-FiveGigE 1/0/2 as a trunk port and assign it to VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 1:1
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit

61
# Configure RD and route target settings for VPN instance vpnb.
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# Enable IP multicast routing for VPN instance vpnb.
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# Create an MDT-based MVXLAN for VPN instance vpna, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit

62
 # Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# Configure Loopback 2.
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpnb
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpnb.
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 13.13.13.13
[SwitchB-pim-vpnb] c-rp 13.13.13.13
[SwitchB-pim-vpnb] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# Enable IP multicast routing for VPN instance vpnb, and import the traffic of VPN instance
vpna to VPN instance vpnb.
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
6. Configure Switch C:
# Enable L2VPN and IP multicast routing.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create VLAN-interface 13 and enter its view.
[SwitchC] vlan 13
[SwitchC-vlan13] quit

63
[SwitchC] interface vlan-interface 13
# Enable PIM-SM on VLAN-interface 13.
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# Configure RD and route target settings for VPN instance vpnb.
[SwitchC] ip vpn-instance vpnb
[SwitchC-vpn-instance-vpna] route-distinguisher 2:2
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# Enable IP multicast routing for VPN instance vpnb.
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] quit
# Create an MDT-based MVXLAN for VPN instance vpna, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt

64
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# Configure Loopback 2.
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpnb
[SwitchC-LoopBack2] ip address 13.13.13.13 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpnb.
[SwitchC] pim vpn-instance vpnb
[SwitchC-pim-vpnb] c-bsr 13.13.13.13
[SwitchC-pim-vpnb] c-rp 13.13.13.13
[SwitchC-pim-vpnb] quit
# Configure a default route. Specify the next hop as 20.1.1.100, the IP address of a device in
the Layer 3 network.
[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of VPN instance vpnb.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpnb
[SwitchC-bgp-default-vpnb] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpnb] default-route imported
[SwitchC-bgp-default-ipv4-vpnb] import-route static
[SwitchC-bgp-default-ipv4-vpnb] quit
[SwitchC-bgp-default-vpnb] quit
[SwitchC-bgp-default] quit

# Create VLAN 20.

[SwitchC] vlan 20
[SwitchC-vlan20] quit
# Configure VLAN-interface 20 that connects to the Layer 3 network and associate the
interface with VPN instance vpnb.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24

65
 [SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
# Enable IP multicast routing for VPN instance vpnb, and import the traffic of VPN instance
vpna to VPN instance vpnb.
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
7. Configure Switch D:
# Enable IP multicast routing.
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enter PIM view, and configure Loopback 0 as a candidate-BSR and candidate-RP in the
public network.
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# Enable PIM-SM on VLAN-interface 11.
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# Enable PIM-SM on VLAN-interface 12.
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit

# Enable PIM-SM on VLAN-interface 13.

[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# Establish BGP connections with other transport network switches.
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering of received
BGP EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

66
Verifying the configuration
1. Verify the multicast routing information on Switch A:
# Verify that Switch A has multicast routing entries for VPN instance vpna.
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 03:01:20
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 03:01:22, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:01:20
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 03:01:22, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 04:09:40, Expires: 00:03:10

67
 (1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:00:20
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:00:20, Expires: 00:03:11
2. Verify the multicast routing information on Switch B:
# Verify that Switch B has multicast routing entries for VPN instance vpna.
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 03:01:20
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 03:01:20, Expires: -
2: Vsi-interface1
Protocol: igmp, UpTime: 03:01:20, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT FROMVXLAN
UpTime: 03:00:20
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 03:00:20, Expires: -
2: Vsi-interface1
Protocol: pim-sm, UpTime: 03:00:20, Expires: -
# Verify that Switch B has multicast routing entries for VPN instance vpnb.
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC

68
 UpTime: 03:01:20
Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: igmp, UpTime: 05:04:11, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 03:00:20
Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: pim-sm, UpTime: 03:00:20, Expires: -
# Verify that Switch B has multicast routing entries for the public network.
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 04:09:00
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:09:40, Expires: -

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 03:00:20
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:20, Expires: -

69
Example: Configuring MVXLAN extranet on the receiver
VPN instance for asymmetrically configured extranet
Network configuration
As shown in Figure 13, VM 1 is the multicast source of multicast group 225.0.0.0, and t he ot her
VMs are multicast receivers. VM 1 and VM 2 belong to VPN instance vpna, VM 3 belongs to VPN
instance vpnb, and VM 4 belongs to vpnc. VM 1 and VM 3 are in V XLAN 10, and VM 2 and VM 4
are in V XLAN 20. Configure MV XLA N to forward the multicast traffic from the source to the
receivers.
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to extend VLAN 2 and VLAN 3
across the sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
• Configure PIM-SM on the transport-facing interfaces of Switches A through D. Configure IGMP
snooping on Switches A through C for multicast forwarding entry creation.
• Configure MVXLAN extranet to import the traffic of VPN instance vpna to VPN instance vpnb
and VPN instance vpnc based on the L3 VXLAN ID on Switch B.
Figure 13 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport
Vlan-int12
VSI-int1 netw ork 12.1.1.4/24
10.1.1.1/24
VSI-int2 VSI-int1
10.1.2.1/24 10.1.1.1/24 Vlan-int13
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 10.1.2.1/24 Loop0
12.1.1.2/24
Sw itch C
1.1.1.1/32 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 10.1.1.20 10.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot

70
 Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify

10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 13. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create VLAN-interface 11 and enter its view.
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# Enable PIM-SM on VLAN-interface 11.
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan

71
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# Create VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Create VLAN 3.
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2 and VLAN 3.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1

72
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32

73
 [SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create VLAN-interface 12 and enter its view.
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# Enable PIM-SM on VLAN-interface 12.
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10

74
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Create VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] quit

# Create VLAN 3.
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure Twenty-FiveGigE 1/0/2 as a trunk port and assign it to VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000

75
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance vpnb.
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# Configure RD and route target settings for VPN instance vpnc.
[SwitchB] ip vpn-instance vpnc
[SwitchB-vpn-instance-vpnc] route-distinguisher 3:3
[SwitchB-vpn-instance-vpnc] address-family ipv4
[SwitchB-vpn-ipv4-vpnc] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnc] quit
[SwitchB-vpn-instance-vpnc] address-family evpn
[SwitchB-vpn-evpn-vpnc] vpn-target 1:1
[SwitchB-vpn-evpn-vpnc] quit
[SwitchB-vpn-instance-vpnc] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnc
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Configure the L3 VXLAN ID as 1000 for VSI-interface 3.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit

76
# Enable IP multicast routing for VPN instance vpnb.
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit

# Enable IP multicast routing for VPN instance vpnc.

[SwitchB] multicast routing vpn-instance vpnc
[SwitchB-mrib-vpnc] quit
# Create an MDT-based MVXLAN for VPN instance vpnb, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# Create an MDT-based MVXLAN for VPN instance vpnc, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpnc mode mdt
[SwitchB-mvxlan-vpnc] address-family ipv4
[SwitchB-mvxlan-vpnc-ipv4] source loopback 0
[SwitchB-mvxlan-vpnc-ipv4] quit
[SwitchB-mvxlan-vpnc] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpnb.
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# Configure Loopback 2.
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpnc
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpnc.
[SwitchB] pim vpn-instance vpnc
[SwitchB-pim-vpnc] c-bsr 13.13.13.13
[SwitchB-pim-vpnc] c-rp 13.13.13.13
[SwitchB-pim-vpnc] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit

77
 # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# Enable IP multicast routing for VPN instance vpnb and VPN instance vpnc, and import the
traffic of VPN instance vpna to VPN instance vpnb and VPN instance vpnc.
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchB] multicast routing vpn-instance vpnc
[SwitchB-mrib-vpnc] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
6. Configure Switch C:
# Enable L2VPN and IP multicast routing.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create VLAN-interface 13 and enter its view.
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# Enable PIM-SM on VLAN-interface 13.
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpnb.
[SwitchC] ip vpn-instance vpnb
[SwitchC-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchC-vpn-instance-vpnb] address-family ipv4
[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchC-vpn-ipv4-vpnb] quit
[SwitchC-vpn-instance-vpnb] address-family evpn
[SwitchC-vpn-evpn-vpnb] vpn-target 1:1
[SwitchC-vpn-evpn-vpnb] quit
[SwitchC-vpn-instance-vpnb] quit
# Configure the L3 VXLAN ID as 1000 for VSI-interface 3.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm

78
[SwitchC-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpnb.
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpna] quit

# Create an MDT-based MVXLAN for VPN instance vpnb, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchC] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchC-mvxlan-vpnb] address-family ipv4
[SwitchC-mvxlan-vpnb-ipv4] source loopback 0
[SwitchC-mvxlan-vpnb-ipv4] quit
[SwitchC-mvxlan-vpnb] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpnb
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpnb.
[SwitchC] pim vpn-instance vpnb
[SwitchC-pim-vpnb] c-bsr 12.12.12.12
[SwitchC-pim-vpnb] c-rp 12.12.12.12
[SwitchC-pim-vpnb] quit
# Configure a default route. Specify the next hop as 20.1.1.100, the IP address of a device in
the Layer 3 network.
[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of VPN instance vpnb.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpnb
[SwitchC-bgp-default-vpnb] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpnb] default-route imported
[SwitchC-bgp-default-ipv4-vpnb] import-route static
[SwitchC-bgp-default-ipv4-vpnb] quit
[SwitchC-bgp-default-vpnb] quit
[SwitchC-bgp-default] quit
# Create VLAN 20.
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# Configure VLAN-interface 20 that connects to the Layer 3 network and associate the
interface with VPN instance vpnb.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
# Enable IP multicast routing for VPN instance vpnb, and import the traffic of VPN instance
vpna to VPN instance vpnb.
[SwitchC] multicast routing vpn-instance vpnb

79
 [SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
7. Configure Switch D:
# Enable IP multicast routing.
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enter PIM view, and configure Loopback 0 as a candidate-BSR and candidate-RP in the
public network.
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# Enable PIM-SM on VLAN-interface 11.
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# Enable PIM-SM on VLAN-interface 12.
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit

# Enable PIM-SM on VLAN-interface 13.

[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# Establish BGP connections with other transport network switches.
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering of received
BGP EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A:
# Verify that Switch A has multicast routing entries for VPN instance vpna.
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)

80
 RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:56:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 02:57:31, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:21, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:08:52, Expires: 00:03:10

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL

81
 RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:20, Expires: 00:03:11
2. Verify the multicast routing information on Switch B:
# Verify that Switch B has multicast routing entries for VPN instance vpnb.
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:32
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 02:56:32, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:55:20
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 02:55:20, Expires: -
# Verify that Switch B has multicast routing entries for VPN instance vpnc.
<SwitchB> display pim vpn-instance vpnc routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:32
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:32, Expires: -

(10.1.1.10, 225.0.0.0)

82
 RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:55:20
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: pim-sm, UpTime: 02:55:20, Expires: -
# Verify that Switch B has multicast routing entries for the public network.
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:08:52
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:08:52, Expires: -

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:55:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:55:31, Expires: -

Example: Configuring MVXLAN extranet with receivers on

both VPNs and the public network
Network configuration
As shown in Figure 14, VM 1 is the multicast source of multicast group 225.0.0.0, and the other
VMs are multicast receivers. VM 1 and VM 2 belong to VPN instance vpna, VM 3 belongs to the
public instance, and VM 4 belongs to VPN instance vpnb. VM 1 and VM 3 are in V XLA N 10, and
VM 2 and VM 4 are in V XLA N 20. Configure MV XLA N to forward the multicast traffic from the
source to the receivers.
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to extend VLAN 2 and VLAN 3
across the sites.

83
 • Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
• Configure PIM-SM on the transport-facing interfaces of Switches A through D. Configure IGMP
snooping on Switches A through C for multicast forwarding entry creation.
• Configure MVXLAN extranet to import the traffic of VPN instance vpna to VPN instance vpnb
and the public instance.
Figure 14 Network diagram
Loop0
4.4.4.4/32

Sw itch D
Vlan-int11 Vlan-int13
11.1.1.4/24 13.1.1.4/24
Transport Vlan-int12
VSI-int1 netw ork 12.1.1.4/24
10.1.1.1/24
VSI-int2 VSI-int1
10.1.2.1/24 10.1.1.1/24 Vlan-int13
VSI-int2 13.1.1.3/24
Vlan-int11
Loop0 11.1.1.1/24 Vlan-int12 10.1.2.1/24 Loop0
12.1.1.2/24
Sw itch C
1.1.1.1/32 3.3.3.3/32
Loop0
Sw itch A WGE1/0/1 Sw itch B 2.2.2.2/32 Vlan-int20
20.1.1.3/24
WGE1/0/1 WGE1/0/2

VLAN 2 VLAN 3 VLAN 2 VLAN 3

V V V V
L3 netw ork
M M M M
1 2 3 4

10.1.1.10 10.1.2.10 10.1.1.20 10.1.2.20

Server 1 Server 2 Server 3

Procedure
1. Set the VXLAN hardware resource mode on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

2. On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. On VM 3 and VM 4, specify

10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 14. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)

84
4. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create VLAN-interface 11 and enter its view.
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# Enable PIM-SM on VLAN-interface 11.
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit

85
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# Create VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Create VLAN 3.
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2 and VLAN 3.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1

86
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit

87
 # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create VLAN-interface 12 and enter its view.
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# Enable PIM-SM on VLAN-interface 12.
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpnb.
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable

88
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Create VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# Create VLAN 3.
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# Configure Twenty-FiveGigE 1/0/1 as a trunk port and assign it to VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# Configure Twenty-FiveGigE 1/0/2 as a trunk port and assign it to VLAN 3.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# On Twenty-FiveGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance vpnb.
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn

89
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# Configure RD and route target settings for the public instance.
[SwitchB] ip public-instance
[SwitchB-public-instance] route-distinguisher 2:2
[SwitchB-public-instance] address-family ipv4
[SwitchB-public-instance-ipv4] vpn-target 1:1
[SwitchB-public-instance-ipv4] quit
[SwitchB-public-instance] address-family evpn
[SwitchB-public-instance-evpn] vpn-target 1:1
[SwitchB-public-instance-evpn] quit
[SwitchB-public-instance] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Create VSI-interface 4 and configure its L3 VXLAN ID as 1000.
[SwitchB] interface vsi-interface 4
[SwitchB-Vsi-interface4] l3-vni 1000
[SwitchB-Vsi-interface4] pim sm
[SwitchB-Vsi-interface4] quit
# Enable IP multicast routing for VPN instance vpnb.
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# Create an MDT-based MVXLAN for VPN instance vpnb, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb

90
 [SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpnb.
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# Configure Loopback 2.
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# Create IPv4 basic ACL 2000 and enter its view. Create a rule in the ACL to permit only
packets from 225.0.0.0/8.
[SwitchB-acl-ipv4-basic-2000] acl basic 2000
[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchB-acl-ipv4-basic-2000] quit
# Enter public instance PIM view, configure Loopback 2 as a candidate-BSR and
candidate-RP in the public instance, and specify a candidate-RP policy.
[SwitchB] pim
[SwitchB-pim] c-bsr 13.13.13.13
[SwitchB-pim] c-rp 13.13.13.13 group-policy 2000
[SwitchB-pim] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# Enable IP multicast routing for VPN instance vpnb, and import the traffic of VPN instance
vpna to VPN instance vpnb.
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf group 225.0.0.0 16
6. Configure Switch C:
# Enable L2VPN and IP multicast routing.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create VLAN-interface 13 and enter its view.
[SwitchC] vlan 13

91
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# Enable PIM-SM on VLAN-interface 13.
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for the public instance.
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 1:1
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] quit
# Configure the L3 VXLAN ID as 1000 for VSI-interface 3.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# Create an MDT-based MVXLAN for the public instance, enter MVXLAN IPv4 address family
view, and configure the MVXLAN source interface.
[SwitchC] multicast-vpn vxlan public-instance mode mdt
[SwitchC-mvxlan-public-instance] address-family ipv4
[SwitchC-mvxlan-public-instance-ipv4] source loopback 0
[SwitchC-mvxlan-public-instance-ipv4] quit
[SwitchC-mvxlan-public-instance] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Create IPv4 basic ACL 2000 and enter its view. Create a rule in the ACL to permit only
packets from 225.0.0.0/8.
[SwitchC-acl-ipv4-basic-2000] acl basic 2000
[SwitchC-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchC-acl-ipv4-basic-2000] qui
# Enter PIM view, and configure Loopback 1 as a candidate-BSR and candidate-RP in the
public network.
[SwitchC] pim

92
 [SwitchC-pim] c-bsr 12.12.12.12
[SwitchC-pim] c-rp 12.12.12.12 group-policy 2000
[SwitchC-pim] quit
# Configure a default route. Specify the next hop as 20.1.1.100, the IP address of a device in
the Layer 3 network.
[SwitchC] ip route-static 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of the public instance.
[SwitchC] bgp 200
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4] default-route imported
[SwitchC-bgp-default-ipv4] import-route static
[SwitchC-bgp-default-ipv4] quit
[SwitchC-bgp-default] quit
# Create VLAN 20.
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# Configure VLAN-interface 20 that connects to the Layer 3 network and associate the
interface with the public instance.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
7. Configure Switch D:
# Enable IP multicast routing.
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enter PIM view, and configure Loopback 0 as a candidate-BSR and candidate-RP in the
public network.
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit

# Enable PIM-SM on VLAN-interface 11.

[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit

# Enable PIM-SM on VLAN-interface 12.

[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit

# Enable PIM-SM on VLAN-interface 13.

[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit

# Establish BGP connections with other transport network switches.

[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn

93
 [SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering of received
BGP EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target

# Configure Switch D as an RR.

[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A:
# Verify that Switch A has multicast routing entries for VPN instance vpna.
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4

94
 Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:09:50, Expires: 00:03:10

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:28, Expires: 00:03:11
2. Verify the multicast routing information on Switch B:
# Verify that Switch B has multicast routing entries for VPN instance vpnb.
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:35
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 11: Vsi-interface2
Protocol: igmp, UpTime: 02:56:35, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:31
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1 1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# Verify that Switch B has multicast routing entries for the public network.
<SwitchB> display pim routing-table

95
Total 1 (*, G) entries; 3 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -

(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -

(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:00:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:46, Expires: -

(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:56:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4

96
 Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:56:31, Expires: -

Example: Configuring M-LAG in MVXLAN with an Ethernet

aggregate link as the peer link
Network configuration
As shown in Figure 15, set up M-LAG systems as follows:
• Set up an M-LAG system with distributed EVPN gateways Switch A and Switch B. The devices
are attached to multicast source 1.
• Set up an M-LAG system with distributed EVPN gateways Switch C and Switch D. The devices
are attached to multicast receiver 1.
• Set up an M-LAG system with border devices Switch E and Switch F. The devices are attached
to multicast receiver 2. Configure the devices as RRs to reflect BGP EVPN routes.
• Configure an Ethernet aggregate link as the peer link for each M-LAG system.
• Configure IGMP snooping on Switches A through F for multicast forwarding entry creation.
• Configure PIM-SM on the transport-facing interfaces of Switches A through F.
• Configure VXLAN 10 on the M-LAG systems for the multicast receivers to receive multicast
traffic from multicast source 1.
Figure 15 Network diagram

Receiver 2
(*, G)
Internet

WGE1/0/1 WGE1/0/3 WGE1/0/3 WGE1/0/1

Vlan-int11 Vlan-int11
Sw itch E Sw itch F
WGE1/0/2 WGE1/0/2
Vlan-int3 Vlan-int10
Transport
netw ork

Vlan-int3
Sw itch A Vlan-int5 Vlan-int8 Vlan-int10
Vlan-int4 Vlan-int6 Vlan-int7
Loop2
Loop1
Loop0

WGE1/0/2 WGE1/0/2
Loop2
Loop1
Loop0
Loop0
Loop1
Loop2

Loop0
Loop1
Loop2

WGE1/0/2 WGE1/0/2
WGE1/0/3 WGE1/0/3 WGE1/0/3 WGE1/0/3
WGE1/0/1 Vlan-int2 Vlan-int2 Sw itch B Sw itch C Vlan-int12 Vlan-int12 Sw itch D
WGE1/0/1 WGE1/0/1 WGE1/0/1

Site 1
Site 2

Source 1 Receiver 1
(S1, G) (*, G)

97
 Device Interface IP address Device Interface IP address
Switch A Loop0 1.1.1.1/32 Switch B Loop0 2.2.2.2/32
Loop1 1.2.3.4/32 Loop1 1.2.3.4/32
Loop2 1.2.3.4/32 Loop2 1.2.3.4/32
Vlan-int2 192.168.1.1/24 Vlan-int2 192.168.1.2/24
Vlan-int3 30.1.1.1/24 Vlan-int5 50.1.1.2/24
Vlan-int4 40.1.1.1/24 Vlan-int6 60.1.1.2/24
Switch C Loop0 3.3.3.3/32 Switch D Loop0 4.4.4.4/32
Loop1 1.2.3.6/32 Loop1 1.2.3.6/32
Loop2 1.2.3.6/32 Loop2 1.2.3.6/32
Vlan-int7 70.1.1.3/24 Vlan-int9 90.1.1.4/24
Vlan-int8 80.1.1.3/24 Vlan-int10 100.1.1.4/24
Vlan-int12 192.168.3.1/24 Vlan-int12 192.168.3.2/24
Switch E Loop0 5.5.5.5/32 Switch F Loop0 6.6.6.6/32
Loop1 1.2.3.5/32 Loop1 1.2.3.5/32
Loop2 1.2.3.5/32 Loop2 1.2.3.5/32
Vlan-int3 30.1.1.5/24 Vlan-int4 40.1.1.6/24
Vlan-int5 50.1.1.5/24 Vlan-int6 60.1.1.6/24
Vlan-int7 70.1.1.5/24 Vlan-int8 80.1.1.6/24
Vlan-int9 90.1.1.5/24 Vlan-int10 100.1.1.6/24
Vlan-int11 192.168.4.1/24 Vlan-int11 192.168.4.2/24

Procedure
1. Set the VXLAN hardware resource mode on Switches A through F and reboot the switches.
This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

2. Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 15. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through F) for them to reach
one another. (Details not shown.)
3. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Specify the virtual VTEP address as 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4
# Specify the IP addresses of the member devices in the M-LAG system.

98
[SwitchA] evpn m-lag local 1.1.1.1 remote 2.2.2.2
# Enable IP multicast routing.
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 5.5.5.5 as-number 200
[SwitchA-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchA-bgp-default] peer 6.6.6.6 as-number 200
[SwitchA-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchA-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

99
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# Configure Loopback 0.
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip address 1.2.3.4 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] ospf 1 area 0
[SwitchA-LoopBack1] quit
# Configure Loopback 2.
[SwitchA] interface loopback 2
[SwitchA-LoopBack2] ip binding vpn-instance vpna
[SwitchA-LoopBack2] ip address 1.2.3.4 32
[SwitchA-LoopBack2] pim sm
[SwitchA-LoopBack2] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.0.1 24
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpna.

100
 [SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 1.2.3.4
[SwitchA-pim-vpna] c-rp 1.2.3.4
[SwitchA-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Configure an M-LAG interface.
[SwitchA] interface bridge-aggregation 21
[SwitchA-Bridge-Aggregation21] port link-type trunk
[SwitchA-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29
[SwitchA-Bridge-Aggregation21] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation21] port m-lag group 1
# Map Ethernet service instance 100 to VSI vpna.
[SwitchA-Bridge-Aggregation21] service-instance 100
[SwitchA-Bridge-Aggregation21-srv100] encapsulation s-vid 21
[SwitchA-Bridge-Aggregation21-srv100] xconnect vsi vpna
[SwitchA-Bridge-Aggregation21-srv100] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the M-LAG interface.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-aggregation group 21
[SwitchA-Twenty-FiveGigE1/0/1] quit
# Configure an aggregate interface as the peer-link interface.
[SwitchA] interface bridge-aggregation 9
[SwitchA-Bridge-Aggregation9] port link-type trunk
[SwitchA-Bridge-Aggregation9] port trunk permit vlan all
[SwitchA-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchA-Bridge-Aggregation9] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the peer-link interface.
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-aggregation group 9
[SwitchA-Twenty-FiveGigE1/0/2] quit
# Exclude the interface used for setting up the keepalive link from the shutdown action by
M-LAG MAD.
[SwitchA] m-lag mad exclude interface twenty-fivegige 1/0/3
# Configure M-LAG system parameters.
[SwitchA] m-lag restore-delay 180
[SwitchA] m-lag system-mac 1-1-1
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag keepalive ip destination 192.168.1.2 source 192.168.1.1
4. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable

101
# Specify the virtual VTEP address as 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4
# Specify the IP addresses of the member devices in the M-LAG system.
[SwitchB] evpn m-lag local 2.2.2.2 remote 1.1.1.1
# Enable IP multicast routing.
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 5.5.5.5 as-number 200
[SwitchB-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchB-bgp-default] peer 6.6.6.6 as-number 200
[SwitchB-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchB-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit

102
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim distributed-dr
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit

# Configure Loopback 0.
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip address 1.2.3.4 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] ospf 1 area 0
[SwitchB-LoopBack1] quit
# Configure Loopback 2.
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpna
[SwitchB-LoopBack2] ip address 1.2.3.4 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchB-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchB-mvxlan-vpna-ipv4] data-group 239.0.0.1 24
[SwitchB-mvxlan-vpna-ipv4] quit

103
 [SwitchB-mvxlan-vpna] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 1.2.3.4
[SwitchB-pim-vpna] c-rp 1.2.3.4
[SwitchB-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Configure an M-LAG interface.
[SwitchB] interface bridge-aggregation 21
[SwitchB-Bridge-Aggregation21] port link-type trunk
[SwitchB-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29
[SwitchB-Bridge-Aggregation21] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation21] port m-lag group 1
# Map Ethernet service instance 100 to VSI vpna.
[SwitchB-Bridge-Aggregation21] service-instance 100
[SwitchB-Bridge-Aggregation21-srv100] encapsulation s-vid 21
[SwitchB-Bridge-Aggregation21-srv100] xconnect vsi vpna
[SwitchB-Bridge-Aggregation21-srv100] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the M-LAG interface.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-aggregation group 21
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Configure an aggregate interface as the peer-link interface.
[SwitchB] interface bridge-aggregation 9
[SwitchB-Bridge-Aggregation9] port link-type trunk
[SwitchB-Bridge-Aggregation9] port trunk permit vlan all
[SwitchB-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchB-Bridge-Aggregation9] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the peer-link interface.
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-aggregation group 9
[SwitchB-Twenty-FiveGigE1/0/2] quit
# Exclude the interface used for setting up the keepalive link from the shutdown action by
M-LAG MAD.
[SwitchB] m-lag mad exclude interface twenty-fivegige 1/0/3
# Configure M-LAG system parameters.
[SwitchB] m-lag restore-delay 180
[SwitchB] m-lag system-mac 1-1-1
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag keepalive ip destination 192.168.1.1 source 192.168.1.2
5. Configure Switch C:
# Enable L2VPN.

104
<SwitchC> system-view
[SwitchC] l2vpn enable
# Specify the virtual VTEP address as 1.2.3.6.
[SwitchC] evpn m-lag group 1.2.3.6
# Specify the IP addresses of the member devices in the M-LAG system.
[SwitchC] evpn m-lag local 3.3.3.3 remote 4.4.4.4
# Enable IP multicast routing.
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Enable the IGMP snooping feature.
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 6.6.6.6 as-number 200
[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchC-bgp-default] peer 5.5.5.5 as-number 200
[SwitchC-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchC-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1

105
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit

# Configure VSI-interface 1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] igmp enable
[SwitchC-Vsi-interface1] pim distributed-dr
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit

# Configure Loopback 0.
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 3.3.3.3 32
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] ospf 1 area 0
[SwitchC-LoopBack1] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 1.2.3.6 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] ospf 1 area 0
[SwitchC-LoopBack1] quit
# Configure Loopback 2.
[SwitchB] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpna
[SwitchC-LoopBack2] ip address 1.2.3.6 255.255.255.255
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchC-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group

106
[SwitchC-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchC-mvxlan-vpna-ipv4] m-lag local 3.3.3.3 remote 4.4.4.4
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 1.2.3.6
[SwitchC-pim-vpna] c-rp 1.2.3.6
[SwitchC-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Configure an M-LAG interface.
[SwitchC] interface bridge-aggregation 17
[SwitchC-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation17] port m-lag group 17
# Map Ethernet service instance 20 to VSI vpna.
[SwitchC-Bridge-Aggregation17] service-instance 20
[SwitchC-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchC-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchC-Bridge-Aggregation17-srv20] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the M-LAG interface.
[SwitchC]interface twenty-fivegige 1/0/1
[SwitchC-Twenty-FiveGigE1/0/1] port link-aggregation group 17
[SwitchC-Twenty-FiveGigE1/0/1] quit
# Configure an aggregate interface as the peer-link interface.
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchC-Bridge-Aggregation9] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the peer-link interface.
[SwitchC] interface twenty-fivegige 1/0/2
[SwitchC-Twenty-FiveGigE1/0/2] port link-aggregation group 9
# Exclude the interface used for setting up the keepalive link from the shutdown action by
M-LAG MAD.
[SwitchC] m-lag mad exclude interface twenty-fivegige 1/0/3
# Configure M-LAG system parameters.
[SwitchC] m-lag restore-delay 180
[SwitchC] m-lag system-mac 2-2-2
[SwitchC] m-lag system-number 1
[SwitchC] m-lag system-priority 10
[SwitchC] m-lag keepalive ip destination 192.168.3.2 source 192.168.3.1
# Configure Bridge-Aggregation 17 as a trunk port and configure it to permit VLANs 20 through
29.
[SwitchC] interface bridge-aggregation 17
[SwitchC-Bridge-Aggregation17] port link-type trunk

107
 [SwitchC-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchC-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchC-Bridge-Aggregation17] quit
# Configure the peer-link interface as a trunk port and configure it to permit all VLANs.
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] port link-type trunk
[SwitchC-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchC-Bridge-Aggregation9] port trunk permit vlan all
[SwitchC-Bridge-Aggregation9] quit

6. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Specify the virtual VTEP address as 1.2.3.6.
[SwitchD] evpn m-lag group 1.2.3.6
# Specify the IP addresses of the member devices in the M-LAG system.
[SwitchD] evpn m-lag local 4.4.4.4 remote 3.3.3.3
# Enable IP multicast routing.
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enable the IGMP snooping feature.
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchD-vsi-vpna] igmp-snooping enable
[SwitchD-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 6.6.6.6 as-number 200
[SwitchD-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchD-bgp-default] peer 5.5.5.5 as-number 200
[SwitchD-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable

108
[SwitchD-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] igmp enable
[SwitchD-Vsi-interface1] pim distributed-dr
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] pim sm
[SwitchD-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpna.
[SwitchD] multicast routing vpn-instance vpna
[SwitchD-mrib-vpna] quit
# Configure Loopback 0.
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 4.4.4.4 32
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] ospf 1 area 0
[SwitchD-LoopBack1] quit
# Configure Loopback 1.
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip address 1.2.3.6 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] ospf 1 area 0
[SwitchD-LoopBack1] quit
# Configure Loopback 2.
[SwitchD] interface loopback 2

109
[SwitchD-LoopBack2] ip binding vpn-instance vpna
[SwitchD-LoopBack2] ip address 1.2.3.6 255.255.255.255
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchD] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchD-mvxlan-vpna] address-family ipv4
[SwitchD-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchD-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchD-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchD-mvxlan-vpna-ipv4] m-lag local 4.4.4.4 remote 3.3.3.3
[SwitchD-mvxlan-vpna-ipv4] quit
[SwitchD-mvxlan-vpna] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchD] pim vpn-instance vpna
[SwitchD-pim-vpna] c-bsr 1.2.3.6
[SwitchD-pim-vpna] c-rp 1.2.3.6
[SwitchD-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# Configure an M-LAG interface.
[SwitchD] interface bridge-aggregation 17
[SwitchD-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation17] port m-lag group 17
# Map Ethernet service instance 20 to VSI vpna.
[SwitchD-Bridge-Aggregation17] service-instance 20
[SwitchD-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchD-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchD-Bridge-Aggregation17-srv20] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the M-LAG interface.
[SwitchD] interface twenty-fivegige 1/0/1
[SwitchD-Twenty-FiveGigE1/0/1] port link-aggregation group 17
[SwitchD-Twenty-FiveGigE1/0/1] quit
# Configure an aggregate interface as the peer-link interface.
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchD-Bridge-Aggregation9] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the peer-link interface.
[SwitchD] interface twenty-fivegige 1/0/2
[SwitchD-Twenty-FiveGigE1/0/2] port link-aggregation group 9
# Exclude the interface used for setting up the keepalive link from the shutdown action by
M-LAG MAD.

110
 [SwitchD] m-lag mad exclude interface twenty-fivegige 1/0/3
# Configure M-LAG system parameters.
[SwitchD] m-lag restore-delay 180
[SwitchD] m-lag system-mac 2-2-2
[SwitchD] m-lag system-number 2
[SwitchD] m-lag system-priority 10
[SwitchD] m-lag keepalive ip destination 192.168.3.1 source 192.168.3.2
# Configure Bridge-Aggregation 17 as a trunk port and configure it to permit VLANs 20 through
29.
[SwitchD] interface bridge-aggregation 17
[SwitchD-Bridge-Aggregation17] port link-type trunk
[SwitchD-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchD-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchD-Bridge-Aggregation17] quit
# Configure the peer-link interface as a trunk port and configure it to permit all VLANs.
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] port link-type trunk
[SwitchD-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchD-Bridge-Aggregation9] port trunk permit vlan all
[SwitchD-Bridge-Aggregation9] quit
7. Configure Switch E:
# Enable L2VPN.
<SwitchE> system-view
[SwitchE] l2vpn enable
# Specify the virtual VTEP address as 1.2.3.5.
[SwitchE] evpn m-lag group 1.2.3.5
# Specify the IP addresses of the member devices in the M-LAG system.
[SwitchE] evpn m-lag local 5.5.5.5 remote 6.6.6.6
# Enable IP multicast routing.
[SwitchE] multicast routing
[SwitchE-mrib] quit
# Enable the IGMP snooping feature.
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

111
[SwitchE-vsi-vpna] vxlan 10
[SwitchE-vsi-vpna-vxlan-10] quit
[SwitchE-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchE] bgp 200
[SwitchE-bgp-default] non-stop-routing
[SwitchE-bgp-default] group evpn internal
[SwitchE-bgp-default] peer evpn connect-interface loopback 0
[SwitchE-bgp-default] peer 1.1.1.1 group evpn
[SwitchE-bgp-default] peer 2.2.2.2 group evpn
[SwitchE-bgp-default] peer 3.3.3.3 group evpn
[SwitchE-bgp-default] peer 4.4.4.4 group evpn
[SwitchE-bgp-default] peer 6.6.6.6 group evpn
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] undo policy vpn-target
[SwitchE-bgp-default-evpn] peer evpn enable
[SwitchE-bgp-default-evpn] peer evpn next-hop-local
[SwitchE-bgp-default-evpn] peer evpn reflect-client
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchE] ip vpn-instance vpna
[SwitchE-vpn-instance-vpna] route-distinguisher 1:1
[SwitchE-vpn-instance-vpna] address-family ipv4
[SwitchE-vpn-ipv4-vpna] vpn-target 2:2
[SwitchE-vpn-ipv4-vpna] quit
[SwitchE-vpn-instance-vpna] address-family evpn
[SwitchE-vpn-evpn-vpna] vpn-target 1:1
[SwitchE-vpn-evpn-vpna] quit
[SwitchE-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpna
[SwitchE-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim distributed-dr
[SwitchE-Vsi-interface1] mac-address 1-1-1
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] local-proxy-arp enable
[SwitchE-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchE] interface vsi-interface 3
[SwitchE-Vsi-interface3] ip binding vpn-instance vpna
[SwitchE-Vsi-interface3] l3-vni 1000
[SwitchE-Vsi-interface3] pim sm
[SwitchE-Vsi-interface3] quit

112
# Enable IP multicast routing for VPN instance vpna.
[SwitchE] multicast routing vpn-instance vpna
[SwitchE-mrib-vpna] quit
# Configure Loopback 0.
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 5.5.5.5 32
[SwitchE-LoopBack0] ospf 1 area 0
[SwitchE-LoopBack0] quit
# Configure Loopback 1.
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip address 1.2.3.5 32
[SwitchE-LoopBack1] ospf 1 area 0
[SwitchE-LoopBack1] quit
# Configure Loopback 2.
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip binding vpn-instance vpna
[SwitchE-LoopBack2] ip address 1.2.3.5 255.255.255.255
[SwitchE-LoopBack2] pim sm
[SwitchE-LoopBack2] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchE] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchE-mvxlan-vpna] address-family ipv4
[SwitchE-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchE-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchE-mvxlan-vpna-ipv4] data-group 239.0.0.1 30
[SwitchE-mvxlan-vpna-ipv4] quit
[SwitchE-mvxlan-vpna] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchE] pim vpn-instance vpna
[SwitchE-pim-vpna] c-bsr 1.2.3.5
[SwitchE-pim-vpna] c-rp 1.2.3.5
[SwitchE-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
# Configure an M-LAG interface.
[SwitchE] interface bridge-aggregation 17
[SwitchE-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation17] port m-lag group 17
# Map Ethernet service instance 20 to VSI vpna.
[SwitchE-Bridge-Aggregation17] service-instance 20
[SwitchE-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchE-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchE-Bridge-Aggregation17-srv20] quit

113
 # Assign a Layer 2 Ethernet interface to the aggregation group of the M-LAG interface.
[SwitchE]interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-aggregation group 17
[SwitchE-Twenty-FiveGigE1/0/1] quit
# Configure an aggregate interface as the peer-link interface.
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchE-Bridge-Aggregation9] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the peer-link interface.
[SwitchE] interface twenty-fivegige 1/0/2
[SwitchE-Twenty-FiveGigE1/0/2] port link-aggregation group 9
[SwitchE-Twenty-FiveGigE1/0/2] quit
# Exclude the interface used for setting up the keepalive link from the shutdown action by
M-LAG MAD.
[SwitchE] m-lag mad exclude interface twenty-fivegige 1/0/3
# Configure M-LAG system parameters.
[SwitchE] m-lag restore-delay 180
[SwitchE] m-lag system-mac 3-3-3
[SwitchE] m-lag system-number 1
[SwitchE] m-lag system-priority 10
[SwitchE] m-lag keepalive ip destination 192.168.4.2 source 192.168.4.1
# Configure Bridge-Aggregation 17 as a trunk port and configure it to permit VLANs 20 through
29.
[SwitchE] interface bridge-aggregation 17
[SwitchE-Bridge-Aggregation17] port link-type trunk
[SwitchE-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchE-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchE-Bridge-Aggregation17] quit
# Configure the peer-link interface as a trunk port and configure it to permit all VLANs.
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] quit

8. Configure Switch F:
# Enable L2VPN.
<SwitchF> system-view
[SwitchF] l2vpn enable
# Specify the virtual VTEP address as 1.2.3.5.
[SwitchF] evpn m-lag group 1.2.3.5
# Specify the IP addresses of the member devices in the M-LAG system.
[SwitchF] evpn m-lag local 6.6.6.6 remote 5.5.5.5
# Enable IP multicast routing.
[SwitchF] multicast routing
[SwitchF-mrib] quit

114
# Enable the IGMP snooping feature.
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] evpn encapsulation vxlan
[SwitchF-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchF-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchF-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchF-vsi-vpna] igmp-snooping enable
[SwitchF-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 10.

[SwitchF-vsi-vpna] vxlan 10
[SwitchF-vsi-vpna-vxlan-10] quit
[SwitchF-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchF] bgp 200
[SwitchF-bgp-default] non-stop-routing
[SwitchF-bgp-default] group evpn internal
[SwitchF-bgp-default] peer evpn connect-interface LoopBack0
[SwitchF-bgp-default] peer 1.1.1.1 group evpn
[SwitchF-bgp-default] peer 2.2.2.2 group evpn
[SwitchF-bgp-default] peer 3.3.3.3 group evpn
[SwitchF-bgp-default] peer 4.4.4.4 group evpn
[SwitchF-bgp-default] peer 5.5.5.5 group evpn
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] undo policy vpn-target
[SwitchF-bgp-default-evpn] peer evpn enable
[SwitchF-bgp-default-evpn] peer evpn next-hop-local
[SwitchF-bgp-default-evpn] peer evpn reflect-client
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchF] ip vpn-instance vpna
[SwitchF-vpn-instance-vpna] route-distinguisher 1:1
[SwitchF-vpn-instance-vpna] address-family ipv4
[SwitchF-vpn-ipv4-vpna] vpn-target 2:2
[SwitchF-vpn-ipv4-vpna] quit
[SwitchF-vpn-instance-vpna] address-family evpn
[SwitchF-vpn-evpn-vpna] vpn-target 1:1
[SwitchF-vpn-evpn-vpna] quit
[SwitchF-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchF] interface vsi-interface 1

115
[SwitchF-Vsi-interface1] ip binding vpn-instance vpna
[SwitchF-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] igmp enable
[SwitchF-Vsi-interface1] pim distributed-dr
[SwitchF-Vsi-interface1] mac-address 1-1-1
[SwitchF-Vsi-interface1] distributed-gateway local
[SwitchF-Vsi-interface1] local-proxy-arp enable
[SwitchF-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchF] interface vsi-interface 3
[SwitchF-Vsi-interface3] ip binding vpn-instance vpna
[SwitchF-Vsi-interface3] l3-vni 1000
[SwitchF-Vsi-interface3] pim sm
[SwitchF-Vsi-interface3] quit

# Enable IP multicast routing for VPN instance vpna.

[SwitchF] multicast routing vpn-instance vpna
[SwitchF-mrib-vpna] quit
# Configure Loopback 0.
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 6.6.6.6 32
[SwitchF-LoopBack0] ospf 1 area 0
[SwitchF-LoopBack0] quit
# Configure Loopback 1.
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip address 1.2.3.5 32
[SwitchF-LoopBack1] ospf 1 area 0
[SwitchF-LoopBack1] quit
# Configure Loopback 2.
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip binding vpn-instance vpna
[SwitchF-LoopBack2] ip address 1.2.3.5 255.255.255.255
[SwitchF-LoopBack2] pim sm
[SwitchF-LoopBack2] quit
# Create an MDT-based MVXLAN for VPN instance vpna and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings.
[SwitchF] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchF-mvxlan-vpna] address-family ipv4
[SwitchF-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchF-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchF-mvxlan-vpna-ipv4] data-group 239.0.0.1 30
[SwitchF-mvxlan-vpna-ipv4] quit
[SwitchF-mvxlan-vpna] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpna.
[SwitchF] pim vpn-instance vpna

116
[SwitchF-pim-vpna] c-bsr 1.2.3.5
[SwitchF-pim-vpna] c-rp 1.2.3.5
[SwitchF-pim-vpna] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] gateway vsi-interface 1
[SwitchF-vsi-vpna] quit
# Configure an M-LAG interface.
[SwitchF] interface bridge-aggregation 17
[SwitchF-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation17] port m-lag group 17
# Map Ethernet service instance 20 to VSI vpna.
[SwitchF-Bridge-Aggregation17] service-instance 20
[SwitchF-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchF-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchF-Bridge-Aggregation17-srv20] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the M-LAG interface.
[SwitchF] interface twenty-fivegige 1/0/1
[SwitchF-Twenty-FiveGigE1/0/1] port link-aggregation group 17
[SwitchF-Twenty-FiveGigE1/0/1] quit
# Configure an aggregate interface as the peer-link interface.
[SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchF-Bridge-Aggregation9] quit
# Assign a Layer 2 Ethernet interface to the aggregation group of the peer-link interface.
[SwitchF] interface twenty-fivegige 1/0/2
[SwitchF-Twenty-FiveGigE1/0/2] port link-aggregation group 9
[SwitchF-Twenty-FiveGigE1/0/2] quit
# Exclude the interface used for setting up the keepalive link from the shutdown action by
M-LAG MAD.
[SwitchF] m-lag mad exclude interface twenty-fivegige 1/0/3
# Configure M-LAG system parameters.
[SwitchF] m-lag restore-delay 180
[SwitchF] m-lag system-mac 3-3-3
[SwitchF] m-lag system-number 2
[SwitchF] m-lag system-priority 10
[SwitchF] m-lag keepalive ip destination 192.168.4.1 source 192.168.4.2
# Configure Bridge-Aggregation 17 as a trunk port and configure it to permit VLANs 20 through
29.
[SwitchF] interface bridge-aggregation 17
[SwitchF-Bridge-Aggregation17] port link-type trunk
[SwitchF-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchF-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchF-Bridge-Aggregation17] quit
# Configure the peer-link interface as a trunk port and configure it to permit all VLANs.

117
 [SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] quit

Verifying the configuration

1. Verify the VXLAN tunnel and VSI configuration on Switch A:
# Verify that the VXLAN tunnels are up, and the virtual VTEP address is used as the source
address of some VXLAN tunnels.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 6.6.6.6
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 1159 packets, 176556 bytes, 0 drops
Output: 1176 packets, 178121 bytes, 0 drops

Tunnel2
Current state: UP

118
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75 /0
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 1.2.3.6
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 8 packets, 480 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI
interfaces are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled

119
 Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
Tunnel2 0x5000002 UP Auto Disabled
Tunnel3 0x5000003 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG17 srv20 0 Up Manual
2. Verify the multicast routing information on Switch A:
# Display the multicast routing entries when the peer links of the M-LAG systems are up.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.2.3.4, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:59:50
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Register-Tunnel0
Protocol: pim-sm, UpTime: 03:38:17, Expires: -

(1.2.3.6, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:49
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE1
Protocol: MD, UpTime: 01:18:49, Expires: -
# Display the multicast routing entries when the peer links of the M-LAG systems are down.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:02:12

120
 Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:11, Expires: 00:03:19

(2.2.2.2, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:04
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:04, Expires: -

(3.3.3.3, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:36
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:36, Expires: -

(6.6.6.6, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:00:32
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:00:32, Expires: -
3. Verify the multicast routing information on Switch E:
# Display the public multicast routing entries when the peer links of the M-LAG systems are up.
<SwitchE> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

121
 (1.2.3.4, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 04:11:32
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface13
Protocol: pim-sm, UpTime: 01:33:53, Expires: 00:02:40
2: Vlan-interface14
Protocol: pim-sm, UpTime: 01:31:35, Expires: 00:02:40

(1.2.3.6, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 01:34:02
Upstream interface: Vlan-interface14
Upstream neighbor: 14.1.1.4
RPF prime neighbor: 14.1.1.4
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:40
2: Vlan-interface12
Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:41-
# Display the public multicast routing entries when the peer links of the M-LAG systems are up.
<SwitchE> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:04:00
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface12
Protocol: pim-sm, UpTime: 00:02:51, Expires: 00:02:39
2: Vlan-interface13
Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:06
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:10

(2.2.2.2, 236.0.0.1)

122
 RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:02:52
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:38
2: Vlan-interface13
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:39
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:03:10

(3.3.3.3, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:03:25
Upstream interface: Vlan-interface13
Upstream neighbor: 13.1.1.3
RPF prime neighbor: 13.1.1.3
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:03:06
2: Vlan-interface12
Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:02:38
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10

(6.6.6.6, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:02:20
Upstream interface: Vlan-interface14
Upstream neighbor: 14.1.1.4
RPF prime neighbor: 14.1.1.4
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
2: Vlan-interface12
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
3: Vlan-interface13
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:11

123
Example: Configuring DCI Layer 3 multicast without L3
VXLAN ID mapping
Network configuration
As shown in Figure 16, the multicast source of multicast group 225.0.0.1 is attached to Switch A,
and the receivers of the multicast group are attached to Switch B and Switch E. Configure DCI
Layer 3 multicast as follows:
• For DC 1, configure Switch A and Switch B as VTEPs, and configure Switch C as an ED.
• For DC 2, configure Switch E as a VTEP, and configure Switch D as an ED.
• Assign L3 VXLAN ID to DC 1 and DC 2.
• On Switch A through Switch E, configure PIM SM on the public-network interfaces used for
intra-data center connection. Enable IGMP snooping on Switch E.
Figure 16 Network diagram
Source

192.168.10.2/24
Loop0 Loop0 Loop0
Loop1 Loop1 Loop1
77.77.77.77/32 88.88.88.88/32 4.4.4.4/32

WGE1/0/1 Vlan-int10 Sw tich C Vlan-int70 Vlan-int20 Sw tich E

Loop0 11.1.1.1/24 78.1.1.1/24 22.1.1.2/24
Loop1
Vlan-int10 Vlan-int70 Vlan-int20
1.1.1.1/32
11.1.1.2/24 Vlan-int20 78.1.1.2/24 22.1.1.1/24
Sw tich A Sw tich D WGE1/0/1
VSI-int1
12.1.1.2/24 192.168.40.1/24
VSI-int1
192.168.10.1/24
Vlan-int20
12.1.1.2/24
Loop0
Sw tich B
192.168.40.2/24
Loop1
DC 2
WGE1/0/1
DC 1 2.2.2.2/32
192.168.20.2/24 Receiver 2
VSI-int1
192.168.20.1/24

Receiver 1

Procedure
1. Set the VXLAN hardware resource mode on Switches A through E and reboot the switches.
This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On the multicast source, specify 192.168.10.1 as the gateway address. On Receiver 1, specify
192.168.20.1 as the gateway address. On Receiver 2, specify 192.168.40.1 as the gateway
address. (Details not shown.)

124
3. Configure IP addresses, PIM SM, and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 16. (Details not shown.)
# Configure OSPF in each data center for the switches in a data center to reach one another.
(Details not shown.)
# Enable PIM SM on the VLAN interfaces that interconnect the devices in a data center.
(Details not shown.)
# Verify that PIM SM is disabled on the VLAN interfaces that interconnect the EDs. (Details not
shown.)
4. Configure Switch A:
# Enable L2VPN and IP multicast routing, and create VLAN 11.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

# Configure Loopback 0.
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 11.

[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 77.77.77.77 as-number 100
[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local

125
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 11.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchA-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 11

# Map Ethernet service instance 100 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings. Enable advertising active multicast sources through S -PMSI routes. Set the
data-delay period to 20 seconds, which is longer than the default frequency of sending the
same route update to a peer or peer group.
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpn1-ipv4] data-delay 20
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit

126
 # Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing, and create VLAN 12.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] vlan 12
[SwitchB-vlan12] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable

# Configure Loopback 0.
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 12.

[SwitchB-vsi-vpna] vxlan 12
[SwitchB-vsi-vpna-vxlan-12] quit

127
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 77.77.77.77 as-number 100
[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 12.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 12
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchB-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 12

# Map Ethernet service instance 100 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchB] multicast routing vpn-instance vpn1
[SwitchB-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchB-mvxlan-vpn1] address-family ipv4
[SwitchB-mvxlan-vpn1-ipv4] source loopback 0

128
 [SwitchB-mvxlan-vpn1-ipv4] quit
[SwitchB-mvxlan-vpn1] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpn1
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchB] pim vpn-instance vpn1
[SwitchB-pim-vpn1] c-bsr 2.2.2.2
[SwitchB-pim-vpn1] c-rp 2.2.2.2
[SwitchB-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
6. Configure Switch C:
# Enable L2VPN, IP multicast routing, and RIP process 1.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] rip 1
[SwitchC-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC]vxlan tunnel mac-learning disable
[SwitchC]vxlan tunnel arp-learning disable

# Configure Loopback 0.
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 77.77.77.77 32
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] rip 1 enable
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchC] interface vlan-interface 70
[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0
[SwitchC-Vlan-interface70] rip 1 enable
[SwitchC-Vlan-interface70] dci enable
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.
[SwitchC] bgp 100
[SwitchC-bgp-default] group group1 internal
[SwitchC-bgp-default] peer group1 connect-interface loopback 0

129
[SwitchC-bgp-default] peer 1.1.1.1 group group1
[SwitchC-bgp-default] peer 2.2.2.2 group group1
[SwitchC-bgp-default] peer 88.88.88.88 as-number 200
[SwitchC-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer group1 enable
[SwitchC-bgp-default-evpn] peer group1 next-hop-local
[SwitchC-bgp-default-evpn] peer group1 reflect-client
[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchC-vpn-instance-vpn1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit

# Enable IP multicast routing for VPN instance vpn1.

[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit

# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface and enable multicast DCI.
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] source loopback 0
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 77.77.77.77 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 77.77.77.77
[SwitchC-pim-vpn1] c-rp 77.77.77.77

130
 [SwitchC-pim-vpn1] quit
7. Configure Switch D:
# Enable L2VPN, IP multicast routing, and RIP process 1.
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] rip 1
[SwitchD-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchD]vxlan tunnel mac-learning disable
[SwitchD]vxlan tunnel arp-learning disable

# Configure Loopback 0.
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 88.88.88.88 32
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchD] interface vlan-interface 70
[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0
[SwitchD-Vlan-interface70] rip 1 enable
[SwitchD-Vlan-interface70] dci enable
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 as-number 100
[SwitchD-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1
[SwitchD-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchD-vpn-instance-vpn1] quit

131
 # Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings, and enable multicast DCI. Configure the data group range to be the same as that on
Switch A to ensure correct forwarding.
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchD-mvxlan-vpn1-ipv4] source loopback 0
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# Configure Loopback 1.
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 88.88.88.88 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 88.88.88.88
[SwitchD-pim-vpn1] c-rp 88.88.88.88
[SwitchD-pim-vpn1] quit
8. Configure Switch E:
# Enable L2VPN and IP multicast routing, and create VLAN 21.
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] vlan 21
[SwitchE-vlan21] quit
# Enable the IGMP snooping feature.
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable

132
# Configure Loopback 0.
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] quit
# Create an EVPN instance on VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 21.

[SwitchE-vsi-vpna] vxlan 21
[SwitchE-vsi-vpna-vxlan-21] quit
[SwitchE-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 88.88.88.88 as-number 200
[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 21.
[SwitchE] interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchE-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 21
[SwitchE-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchE-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 21

# Map Ethernet service instance 100 to VSI vpna.

[SwitchE-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchE-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3
[SwitchE-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchE-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[SwitchE-Vsi-interface1] pim sm

133
 [SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1000
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] source loopback 0
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# Configure Loopback 1.
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4
[SwitchE-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A, Switch B, and Switch E. This step uses
Switch A as an example.
# Verify that Switch A has multicast routing entries for VPN instance vpn1.
<SwitchA> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:19:10
Upstream interface: Register-Tunnel0

134
 Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:19:10, Expires: -

(192.168.10.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:27:40
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 01:19:06, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:43:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:18, Expires: 00:03:15

(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:42
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:42, Expires: -

(77.77.77.77, 239.0.0.1)
RP: NULL

135
 Protocol: pim-sm, Flag: SPT
UpTime: 01:19:16
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:19:16, Expires: -

(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:16
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:01, Expires: 00:02:30
2. Verify the multicast routing information on the EDs. This step uses Switch C as an example.
# Verify that Switch C has multicast routing entries for VPN instance vpn1.
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:18:39
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 01:18:05, Expires: -

(192.168.10.2, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 01:18:39
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:

136
 Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
# Verify that Switch C has multicast routing entries for the public network.
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:44, Expires: -

(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:11
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:15
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:11, Expires: -

(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:44, Expires: 00:02:42
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17

137
 (1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:30, Expires: -
# Verify that IGMP snooping has learned multicast group entries through EVPN on Switch C.
<SwitchC> display igmp-snooping evpn-group
Total 2 entries.

VSI Auto_L3VNI1000_2: Total 2 entries.

(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
(192.168.10.2, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)

Example: Configuring DCI Layer 3 multicast with multiple L3

VXLAN IDs mapped to the same intermediate L3 VXLAN ID
Network configuration
As shown in Figure 17, the multicast source of multicast group 225.0.0.1 is attached to Switch A,
and the receivers of the multicast group are attached to S witch B, Switch E, and S witch G.
Configure DCI Layer 3 multicast as follows:
• For DC 1, configure Switch A and Switch B as VTEPs, and configure Switch C as an ED.
• For DC 2, configure Switch E as a VTEP, and configure Switch D as an ED.
• For DC 3, configure Switch G as a VTEP, and configure Switch F as an ED.
• On Switch A, Switch B, Switch E, and Switch G, configure PIM SM on the public-network
interfaces. Enable IGMP snooping on Switch B, Switch E, and Switch G.
• For DC 1, assign L3 VXLAN ID 1001 to VPN instance vpn1. For DC 2, assign L3 VXLAN ID
1002 to VPN instance vpn1. For DC 3, assign L3 VXLAN ID 1003 to VPN instance vpn1.
• On Switch C, Switch D, and Switch F, create intermediate VPN instance vpn2 and assign L3
VXLAN ID 1000 to it.

138
 Figure 17 Network diagram
Loop0
Loop1
6.6.6.6/32
Receiver 3
WGE1/0/1
Vlan-int30
Loop0/Loop1/
33.1.1.1/24
Loop2
99.99.99.99/32 Sw tich G 192.168.60.2/24
VSI-int1
192.168.60.1/24
Vlan-int30
Sw tich F 33.1.1.2/24 DC 3
Source Vlan-int90 Vlan-int80
192.168.10.2/24 79.1.1.2/24 89.1.1.2/24
Loop0/Loop1/ Loop0/Loop1/ Loop0
Loop2 Loop2 Loop1
77.77.77.77/32 Vlan-int90 88.88.88.88/32 4.4.4.4/32
79.1.1.1/24
Vlan-int80
WGE1/0/1 Vlan-int10 Sw tich C Vlan-int70 Vlan-int20 Sw tich E
89.1.1.1/24
Loop0 11.1.1.1/24 78.1.1.1/24 22.1.1.2/24
Loop1
Vlan-int10 Vlan-int70 Vlan-int20
1.1.1.1/32
11.1.1.2/24 Vlan-int20 78.1.1.2/24 22.1.1.1/24
Sw tich A 12.1.1.2/24 Sw tich D WGE1/0/1 VSI-int1
192.168.40.1/24
VSI-int1
192.168.10.1/24
Vlan-int20
12.1.1.2/24
Loop0
Sw tich B
DC 2 192.168.40.2/24
Loop1
DC 1 2.2.2.2/32 WGE1/0/1

192.168.20.2/24 Receiver 2
VSI-int1
192.168.20.1/24

Receiver 1

Procedure
1. Set the VXLAN hardware resource mode on Switches A through G and reboot the switches.
This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On the multicast source, specify 192.168.10.1 as the gateway address. On Receiver 1, specify
192.168.20.1 as the gateway address. On Receiver 2, specify 192.168.40.1 as the gateway
address. On Receiver 3, specify 192.168.60.1 as the gateway address. (Details not shown.)
3. Configure IP addresses, PIM SM, and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 17. (Details not shown.)
# Configure OSPF in each data center for the switches in a data center to reach one another.
(Details not shown.)
# Enable PIM SM on the VLAN interfaces that interconnect the devices in a data center.
(Details not shown.)

139
 As a best practice, do not enable PIM SM on the VLAN interfaces that interconnect the EDs.
4. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

# Create VLAN 11 and enter its view.

[SwitchA] vlan 11
[SwitchA-vlan11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 11.

[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 77.77.77.77 as-number 100
[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 11.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchA-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 11

# Map Ethernet service instance 100 to VSI vpna.

[SwitchA-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv100] quit

140
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1001
for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 1001
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings. Enable advertising active multicast sources through S -PMSI routes. Set the
data-delay period to 20 seconds, which is longer than the default frequency of sending the
same route update to a peer or peer group.
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpn1-ipv4] data-delay 20
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm

141
 [SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable

# Create VLAN 12 and enter its view.

[SwitchB] vlan 12
[SwitchB-vlan12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 12.

[SwitchB-vsi-vpna] vxlan 12
[SwitchB-vsi-vpna-vxlan-12] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 77.77.77.77 as-number 100
[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchB-bgp-default-evpn] quit

142
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 12.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 12
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchB-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 12

# Map Ethernet service instance 100 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1001
for the VPN instance.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1001
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchB] multicast routing vpn-instance vpn1
[SwitchB-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchB-mvxlan-vpn1] address-family ipv4
[SwitchB-mvxlan-vpn1-ipv4] source loopback 0
[SwitchB-mvxlan-vpn1-ipv4] quit
[SwitchB-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# Configure Loopback 1.

143
 [SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpn1
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchB] pim vpn-instance vpn1
[SwitchB-pim-vpn1] c-bsr 2.2.2.2
[SwitchB-pim-vpn1] c-rp 2.2.2.2
[SwitchB-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
6. Configure Switch C:
# Enable L2VPN and IP multicast routing.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Enable the IGMP snooping feature.
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Configure a route policy to disable Switch C from forwarding the SMET and S-PMSI routes
received from Switch D to Switch F and from forwarding the SMET and S -PMSI routes
received from Switch F to Switch D.
[SwitchC] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchC] ip prefix-list 8 index 10 permit 99.99.99.99 32
[SwitchC] ip prefix-list 9 index 10 permit 88.88.88.88 32
[SwitchC] route-policy 8 deny node 0
[SwitchC-route-policy-8-0] if-match ip route-source prefix-list 8
[SwitchC-route-policy-8-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-8-0] quit
[SwitchC] route-policy 8 permit node 1
[SwitchC-route-policy-8-1] if-match ip route-source prefix-list 1
[SwitchC-route-policy-8-1] quit
[SwitchC] route-policy 9 deny node 0
[SwitchC-route-policy-9-0] if-match ip route-source prefix-list 9
[SwitchC-route-policy-9-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-9-0] quit
[SwitchC] route-policy 9 permit node 1
[SwitchC-route-policy-9-1] if-match ip route-source prefix-list 1
[SwitchC-route-policy-9-1] quit
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.

144
[SwitchC] bgp 100
[SwitchC-bgp-default] group group1 internal
[SwitchC-bgp-default] peer group1 connect-interface loopback 0
[SwitchC-bgp-default] peer 1.1.1.1 group group1
[SwitchC-bgp-default] peer 2.2.2.2 group group1
[SwitchC-bgp-default] peer 88.88.88.88 as-number 200
[SwitchC-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchC-bgp-default] peer 99.99.99.99 as-number 300
[SwitchC-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchC-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer group1 enable
[SwitchC-bgp-default-evpn] peer group1 next-hop-local
[SwitchC-bgp-default-evpn] peer group1 reflect-client
[SwitchC-bgp-default-evpn] peer group1 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer group1 advertise original -route
[SwitchC-bgp-default-evpn] peer group1 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchC-bgp-default-evpn] peer 88.88.88.88 route-policy 8 export
[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchC-bgp-default-evpn] peer 99.99.99.99 route-policy 9 export
[SwitchC-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchC-vpn-instance-vpn1] quit
# Configure RD and route target settings for VPN instance vpn2.
[SwitchC] ip vpn-instance vpn2
[SwitchC-vpn-instance-vpn2] route-distinguisher 1:13

145
[SwitchC-vpn-instance-vpn2] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchC-vpn-instance-vpn2] vpn-target 100:100 export-extcommunity
[SwitchC-vpn-instance-vpn2] quit
# Associate VSI-interface 1 with VPN instance vpn1, and configure the L3 VXLAN ID as 1001
for the VPN instance.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface1] l3-vni 1001
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn2, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit

# Enable IP multicast routing for VPN instance vpn2.

[SwitchC] multicast routing vpn-instance vpn2
[SwitchC-mrib-vpn2] quit

# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group and MVXLAN source interface, and enable multicast
DCI.
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] source loopback 0
[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# Configure VLAN-interface 70 that is connected to remote EDs.
[SwitchC] interface vlan-interface 70
[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0
[SwitchC-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface70] dci enable
[SwitchC-Vlan-interface70] quit
# Configure VLAN-interface 90 that is connected to remote EDs.
[SwitchC] interface vlan-interface 90
[SwitchC-Vlan-interface90] ip address 79.1.1.1 255.255.255.0
[SwitchC-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface90] dci enable
[SwitchC-Vlan-interface90] quit
# Configure Loopback 0.
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 77.77.77.77 32

146
 [SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 77.77.77.77 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Configure Loopback 2.
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpn2
[SwitchC-LoopBack2] ip address 77.77.77.77 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 77.77.77.77
[SwitchC-pim-vpn1] c-rp 77.77.77.77
[SwitchC-pim-vpn1] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpn2.
[SwitchC] pim vpn-instance vpn2
[SwitchC-pim-vpn2] c-bsr 77.77.77.77
[SwitchC-pim-vpn2] c-rp 77.77.77.77
[SwitchC-pim-vpn2] quit
7. Configure Switch D:
# Enable L2VPN and IP multicast routing.
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enable the IGMP snooping feature.
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Configure a route policy to disable Switch D from forwarding the SMET and S-PMSI routes
received from Switch C to Switch F and from forwarding the SMET and S -PMSI routes
received from Switch F to Switch C.
[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchD] ip prefix-list 7 index 10 permit 99.99.99.99 32
[SwitchD] ip prefix-list 9 index 10 permit 77.77.77.77 32
[SwitchD] route-policy 7 deny node 0
[SwitchD-route-policy-7-0] if-match ip route-source prefix-list 7
[SwitchD-route-policy-7-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

147
[SwitchD-route-policy-7-0] quit
[SwitchD] route-policy 7 permit node 1
[SwitchD-route-policy-7-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-7-1] quit
[SwitchD] route-policy 9 deny node 0
[SwitchD-route-policy-9-0] if-match ip route-source prefix-list 9
[SwitchD-route-policy-9-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-9-0] quit
[SwitchD] route-policy 9 permit node 1
[SwitchD-route-policy-9-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-9-1] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface LoopBack0
[SwitchD-bgp-default] peer 77.77.77.77 as-number 100
[SwitchD-bgp-default] peer 77.77.77.77 connect-interface LoopBack0
[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchD-bgp-default] peer 99.99.99.99 as-number 300
[SwitchD-bgp-default] peer 99.99.99.99 connect-interface LoopBack0
[SwitchD-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchD-bgp-default-evpn] peer 77.77.77.77 route-policy 7 export
[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchD-bgp-default-evpn] peer 99.99.99.99 route-policy 9 export
[SwitchD-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.

148
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchD-vpn-instance-vpn1] quit
# Configure RD and route target settings for VPN instance vpn2.
[SwitchD] ip vpn-instance vpn2
[SwitchD-vpn-instance-vpn2] route-distinguisher 2:11
[SwitchD-vpn-instance-vpn2] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn2] vpn-target 200:200 export-extcommunity
[SwitchD-vpn-instance-vpn2] quit
# Associate VSI-interface 1 with VPN instance vpn1, and configure the L3 VXLAN ID as 1002
for the VPN instance.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] l3-vni 1002
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn2, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit
# Enable IP multicast routing for VPN instance vpn2.
[SwitchD] multicast routing vpn-instance vpn2
[SwitchD-mrib-vpn2] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings, and enable multicast DCI. Configure the data group range to be the same as that on
Switch A to ensure correct forwarding.
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] source loopback 0
[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# Configure VLAN-interface 70 that is connected to remote EDs.
[SwitchD] interface vlan-interface 70
[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0
[SwitchD-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface70] dci enable
[SwitchD-Vlan-interface70] quit

149
 # Configure VLAN-interface 80 that is connected to remote EDs.
[SwitchD] interface vlan-interface 80
[SwitchD-Vlan-interface80] ip address 89.1.1.1 255.255.255.0
[SwitchD-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface80] dci enable
[SwitchD-Vlan-interface80] quit
# Configure Loopback 0.
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 88.88.88.88 32
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] quit
# Configure Loopback 1.
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 88.88.88.88 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# Configure Loopback 2.
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip binding vpn-instance vpn2
[SwitchD-LoopBack2] ip address 88.88.88.88 32
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 88.88.88.88
[SwitchD-pim-vpn1] c-rp 88.88.88.88
[SwitchD-pim-vpn1] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpn2.
[SwitchD] pim vpn-instance vpn2
[SwitchD-pim-vpn2] c-bsr 88.88.88.88
[SwitchD-pim-vpn2] c-rp 88.88.88.88
[SwitchD-pim-vpn2] quit
8. Configure Switch E:
# Enable L2VPN and IP multicast routing.
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
# Enable the IGMP snooping feature.
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable

150
# Create VLAN 21 and enter its view.
[SwitchE] vlan 21
[SwitchE-vlan12] quit
# Create an EVPN instance on VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 21.

[SwitchE-vsi-vpna] vxlan 21
[SwitchE-vsi-vpna-vxlan-21] quit
[SwitchE-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 88.88.88.88 as-number 200
[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 21.
[SwitchE] interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchE-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 21
[SwitchE-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchE-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 21

# Map Ethernet service instance 100 to VSI vpna.

[SwitchE-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchE-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 import-extcommunity
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchE-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit

151
 # Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1002
for the VPN instance.
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1002
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] source loopback 0
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] quit
# Configure Loopback 1.
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4
[SwitchE-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
9. Configure Switch F:
# Enable L2VPN and IP multicast routing.
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
# Enable the IGMP snooping feature.
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit

152
# Disable remote MAC address learning and remote ARP learning.
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# Configure a route policy to disable Switch F from forwarding the SMET and S-PMSI routes
received from Switch C to Switch D and from forwarding the SMET and S-PMSI routes
received from Switch D to Switch C.
[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchF] ip prefix-list 7 index 10 permit 88.88.88.88 32
[SwitchF] ip prefix-list 8 index 10 permit 77.77.77.77 32
[SwitchF] route-policy 7 deny node 0
[SwitchF-route-policy-7-0] if-match ip route-source prefix-list 7
[SwitchF-route-policy-7-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-7-0] quit
[SwitchF] route-policy 7 permit node 1
[SwitchF-route-policy-7-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-7-1] quit
[SwitchF] route-policy 8 deny node 0
[SwitchF-route-policy-8-0] if-match ip route-source prefix-list 8
[SwitchF-route-policy-8-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-8-0] quit
[SwitchF] route-policy 8 permit node 1
[SwitchF-route-policy-8-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-8-1] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchF] bgp 300
[SwitchF-bgp-default] peer 6.6.6.6 as-number 300
[SwitchF-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 as-number 100
[SwitchF-bgp-default] peer 77.77.77.77 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchF-bgp-default] peer 88.88.88.88 as-number 200
[SwitchF-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchF-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchF-bgp-default-evpn] peer 77.77.77.77 route-policy 7 export
[SwitchF-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt

153
[SwitchF-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchF-bgp-default-evpn] peer 88.88.88.88 route-policy 8 export
[SwitchF-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 3:1
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 100:100 200:200 import-extcommunity
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity
[SwitchF-vpn-instance-vpn1] quit
# Configure RD and route target settings for VPN instance vpn2.
[SwitchF] ip vpn-instance vpn2
[SwitchF-vpn-instance-vpn2] route-distinguisher 3:11
[SwitchF-vpn-instance-vpn2] vpn-target 30:30 100:100 200:200 import-extcommunity
[SwitchF-vpn-instance-vpn2] vpn-target 300:300 export-extcommunity
[SwitchF-vpn-instance-vpn2] quit
# Associate VSI-interface 1 with VPN instance vpn1, and configure the L3 VXLAN ID as 1003
for the VPN instance.
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface1] l3-vni 1003
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn2, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchF] multicast routing vpn-instance vpn1
[SwitchF-mrib-vpn1] quit

# Enable IP multicast routing for VPN instance vpn2.

[SwitchF] multicast routing vpn-instance vpn2
[SwitchF-mrib-vpn2] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings, and enable multicast DCI. Configure the data group range to be the same as that on
Switch A to ensure correct forwarding.
[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchF-mvxlan-vpn1] address-family ipv4
[SwitchF-mvxlan-vpn1-ipv4] source loopback 0

154
 [SwitchF-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchF-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchF-mvxlan-vpn1-ipv4] dci enable
[SwitchF-mvxlan-vpn1-ipv4] quit
[SwitchF-mvxlan-vpn1] quit
# Configure VLAN-interface 80 that is connected to remote EDs.
[SwitchF] interface vlan-interface 80
[SwitchF-Vlan-interface80] ip address 89.1.1.2 255.255.255.0
[SwitchF-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface80] dci enable
[SwitchF-Vlan-interface80] quit
# Configure VLAN-interface 90 that is connected to remote EDs.
[SwitchF] interface vlan-interface 90
[SwitchF-Vlan-interface90] ip address 79.1.1.2 255.255.255.0
[SwitchF-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface90] dci enable
[SwitchF-Vlan-interface90] quit
# Configure Loopback 0.
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 99.99.99.99 32
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] pim sm
[SwitchF-LoopBack0] quit
# Configure Loopback 1.
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance vpn1
[SwitchF-LoopBack1] ip address 99.99.99.99 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# Configure Loopback 2.
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip binding vpn-instance vpn2
[SwitchF-LoopBack2] ip address 99.99.99.99 32
[SwitchF-LoopBack2] pim sm
[SwitchF-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchF] pim vpn-instance vpn1
[SwitchF-pim-vpn1] c-bsr 99.99.99.99
[SwitchF-pim-vpn1] c-rp 99.99.99.99
[SwitchF-pim-vpn1] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpn2.
[SwitchF] pim vpn-instance vpn2
[SwitchF-pim-vpn2] c-bsr 99.99.99.99
[SwitchF-pim-vpn2] c-rp 99.99.99.99
[SwitchF-pim-vpn2] quit
10. Configure Switch G:

155
# Enable L2VPN and IP multicast routing.
<SwitchG> system-view
[SwitchG] l2vpn enable
[SwitchG] multicast routing
[SwitchG-mrib] quit
# Enable the IGMP snooping feature.
[SwitchG] igmp-snooping
[SwitchG-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable

# Create VLAN 31 and enter its view.

[SwitchG] vlan 31
[SwitchG-vlan31] quit
# Create an EVPN instance on VSI vpna.
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] evpn encapsulation vxlan
[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchG-vsi-vpna] igmp-snooping enable
[SwitchG-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 31.

[SwitchG-vsi-vpna] vxlan 31
[SwitchG-vsi-vpna-vxlan-31] quit
[SwitchG-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchG] bgp 300
[SwitchG-bgp-default] peer 99.99.99.99 as-number 300
[SwitchG-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchG-bgp-default-evpn] peer 99.99.99.99 next-hop-local
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 31.
[SwitchG] interface twenty-fivegige 1/0/1
[SwitchG-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchG-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 31
[SwitchG-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchG-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 31

# Map Ethernet service instance 100 to VSI vpna.

[SwitchG-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchG-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchG] ip vpn-instance vpn1

156
[SwitchG-vpn-instance-vpn1] route-distinguisher 3:2
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 import-extcommunity
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity
[SwitchG-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 192.168.60.1 255.255.255.0
[SwitchG-Vsi-interface1] igmp enable
[SwitchG-Vsi-interface1] pim sm
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1002
for the VPN instance.
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1003
[SwitchG-Vsi-interface2] pim sm
[SwitchG-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchG] multicast routing vpn-instance vpn1
[SwitchG-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchG-mvxlan-vpn1] address-family ipv4
[SwitchG-mvxlan-vpn1-ipv4] source loopback 0
[SwitchG-mvxlan-vpn1-ipv4] quit
[SwitchG-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchG] interface loopback 0
[SwitchG-LoopBack0] ip address 6.6.6.6 32
[SwitchG-LoopBack0] ospf 1 area 0.0.0.0
[SwitchG-LoopBack0] pim sm
[SwitchG-LoopBack0] quit
# Configure Loopback 1.
[SwitchG] interface loopback 1
[SwitchG-LoopBack1] ip binding vpn-instance vpn1
[SwitchG-LoopBack1] ip address 6.6.6.6 32
[SwitchG-LoopBack1] pim sm
[SwitchG-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchG] pim vpn-instance vpn1
[SwitchG-pim-vpn1] c-bsr 6.6.6.6
[SwitchG-pim-vpn1] c-rp 6.6.6.6
[SwitchG-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.

157
 [SwitchG] vsi vpna
[SwitchG-vsi-vpna] gateway vsi-interface 1
[SwitchG-vsi-vpna] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A, Switch B, Switch E, and Switch G. This
step uses Switch A as an example.
# Verify that Switch A has multicast routing entries for VPN instance vpn1.
<SwitchA> display pim vpn-instance vpn routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:08:58
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:08:06, Expires: 00:03:26

158
 (2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:07:53
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:07:53, Expires: -

(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:08:06
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:08:06, Expires: -

(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:07:53
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:07:53, Expires: 00:02:39
2. Verify the multicast routing information on the EDs. This step uses Switch C as an example.
# Verify that Switch C has multicast routing entries for VPN instance vpn1.
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:29:29
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:

159
 Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:29:29, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 01:29:42
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Extranet (VPN: vpn2)
Protocol: MD, UpTime: 01:29:37, Expires: -
# Verify that Switch C has multicast routing entries for VPN instance vpn2.
<SwitchC> display pim vpn-instance vpn2 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC
UpTime: 01:39:28
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:28, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT
UpTime: 01:39:24
Upstream interface: Extranet (VPN: vpn1)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:24, Expires: -
# Verify that Switch C has multicast routing entries for the public network.
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 239.0.0.1)
RP: NULL

160
 Protocol: pim-sm, Flag: SPT
UpTime: 01:29:21
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:21, Expires: -

(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:08
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:20
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -

(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:30:55
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:21, Expires: 00:03:07
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:29:08
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:

161
 Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -

Example: Configuring DCI Layer 3 multicast with multiple L3

VXLAN IDs mapped to different intermediate L3 VXLAN IDs
Network configuration
As shown in Figure 18, the multicast source of multicast group 225.0.1.1 is attached to S witch A,
and the receivers of the multicast group are attached to Switch B, Switch E, and Switch G. All
receivers reside in VPN instance vpn1. Configure DCI Layer 3 multicast as follows:
• For DC 1, configure Switch A and Switch B as VTEPs, and configure Switch C as an ED.
• For DC 2, configure Switch E as a VTEP, and configure Switch D as an ED.
• For DC 3, configure Switch G as a VTEP, and configure Switch F as an ED.
• On Switch A, Switch B, Switch E, and Switch G, configure PIM SM on the public-network
interfaces. Enable IGMP snooping on Switch B, Switch E, and Switch G.
• For DC 1, assign L3 VXLAN ID 1001 to VPN instance vpn1. For DC 2, assign L3 VXLAN ID
1002 to VPN instance vpn1. For DC 3, assign L3 VXLAN ID 1003 to VPN instance vpn1.
• On Switch C and Switch D, create intermediate VPN instance vpn2 and assign L3 VXLAN ID
1122 to it.
• On Switch C and Switch F, create intermediate VPN instance vpn4 and assign L3 VXLAN ID
1133 to it.

162
 Figure 18 Network diagram
Loop0
Loop1
6.6.6.6/32
Receiver 3
WGE1/0/1
Vlan-int30
Loop0/Loop1/
33.1.1.1/24
Loop3/Loop4
99.99.99.99/32 Sw tich G 192.168.60.2/24
VSI-int1
192.168.60.1/24
Vlan-int30
Sw tich F 33.1.1.2/24 DC 3
Source Vlan-int90 Vlan-int80
192.168.10.2/24 79.1.1.2/24 89.1.1.2/24
Loop0/Loop1/ Loop0/Loop1/ Loop0
Loop2/Loop4 Loop2/Loop3 Loop1
77.77.77.77/32 Vlan-int90 88.88.88.88/32 4.4.4.4/32
79.1.1.1/24
Vlan-int80
WGE1/0/1 Vlan-int10 Sw tich C Vlan-int70 Vlan-int20 Sw tich E
89.1.1.1/24
Loop0 11.1.1.1/24 78.1.1.1/24 22.1.1.2/24
Loop1
Vlan-int10 Vlan-int70 Vlan-int20
1.1.1.1/32
11.1.1.2/24 Vlan-int20 78.1.1.2/24 22.1.1.1/24
Sw tich A 12.1.1.2/24 Sw tich D WGE1/0/1 VSI-int1
192.168.40.1/24
VSI-int1
192.168.10.1/24
Vlan-int20
12.1.1.2/24
Loop0
Sw tich B
DC 2 192.168.40.2/24
Loop1
DC 1 2.2.2.2/32 WGE1/0/1

192.168.20.2/24 Receiver 2
VSI-int1
192.168.20.1/24

Receiver 1

Procedure
1. Set the VXLAN hardware resource mode on Switches A through G and reboot the switches.
This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On the multicast source, specify 192.168.10.1 as the gateway address. On Receiver 1, specify
192.168.20.1 as the gateway address. On Receiver 2, specify 192.168.40.1 as the gateway
address. On Receiver 3, specify 192.168.60.1 as the gateway address. (Details not shown.)
3. Configure IP addresses, PIM SM, and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 18. (Details not shown.)
# Configure OSPF in each data center for the switches in a data center to reach one another.
(Details not shown.)
# Enable PIM SM on the VLAN interfaces that interconnect the devices in a data center.
(Details not shown.)

163
 As a best practice, do not enable PIM SM on the VLAN interfaces that interconnect the EDs.
4. Configure Switch A:
# Enable L2VPN and IP multicast routing.
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

# Create VLAN 11 and enter its view.

[SwitchA] vlan 11
[SwitchA-vlan11] quit
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 11.

[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 77.77.77.77 as-number 100
[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 11.
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchA-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 11

# Map Ethernet service instance 100 to VSI vpna.

164
[SwitchA-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1001
for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 1001
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings. Enable advertising active multicast sources through S-PMSI routes. Set the
data-delay period to 20 seconds, which is longer than the default frequency of sending the
same route update to a peer or peer group.
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpn1-ipv4] data-delay 20
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1

165
 [SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN and IP multicast routing.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable

# Create VLAN 12 and enter its view.

[SwitchB] vlan 12
[SwitchB-vlan12] quit
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 12.

[SwitchB-vsi-vpna] vxlan 12
[SwitchB-vsi-vpna-vxlan-12] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 77.77.77.77 as-number 100
[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable

166
[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 12.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 12
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchB-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 12

# Map Ethernet service instance 100 to VSI vpna.

[SwitchB-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1001
for the VPN instance.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1001
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchB] multicast routing vpn-instance vpn1
[SwitchB-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchB-mvxlan-vpn1] address-family ipv4
[SwitchB-mvxlan-vpn1-ipv4] source loopback 0
[SwitchB-mvxlan-vpn1-ipv4] quit
[SwitchB-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0

167
 [SwitchB-LoopBack0] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpn1
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchB] pim vpn-instance vpn1
[SwitchB-pim-vpn1] c-bsr 2.2.2.2
[SwitchB-pim-vpn1] c-rp 2.2.2.2
[SwitchB-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
6. Configure Switch C:
# Enable L2VPN and IP multicast routing.
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Enable the IGMP snooping feature.
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.
[SwitchC] bgp 100
[SwitchC-bgp-default] group group1 internal
[SwitchC-bgp-default] peer group1 connect-interface LoopBack0
[SwitchC-bgp-default] peer 1.1.1.1 group group1
[SwitchC-bgp-default] peer 2.2.2.2 group group1
[SwitchC-bgp-default] peer 88.88.88.88 as-number 200
[SwitchC-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchC-bgp-default] peer 99.99.99.99 as-number 300
[SwitchC-bgp-default] peer 99.99.99.99 connect-interface LoopBack0
[SwitchC-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer group1 enable
[SwitchC-bgp-default-evpn] peer group1 next-hop-local
[SwitchC-bgp-default-evpn] peer group1 reflect-client
[SwitchC-bgp-default-evpn] peer group1 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated imet replace-rt

168
[SwitchC-bgp-default-evpn] peer group1 advertise original -route
[SwitchC-bgp-default-evpn] peer group1 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchC-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 200:200 3000:3000 import-extcommunity
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchC-vpn-instance-vpn1] quit
# Configure RD and route target settings for VPN instance vpn2.
[SwitchC] ip vpn-instance vpn2
[SwitchC-vpn-instance-vpn2] route-distinguisher 1:11
[SwitchC-vpn-instance-vpn2] vpn-target 10:10 200:200 import-extcommunity
[SwitchC-vpn-instance-vpn2] vpn-target 100:100 export-extcommunity
[SwitchC-vpn-instance-vpn2] quit
# Configure RD and route target settings for VPN instance vpn4.
[SwitchC] ip vpn-instance vpn4
[SwitchC-vpn-instance-vpn4] route-distinguisher 1:111
[SwitchC-vpn-instance-vpn4] vpn-target 10:10 3000:3000 import-extcommunity
[SwitchC-vpn-instance-vpn4] vpn-target 1000:1000 export-extcommunity
[SwitchC-vpn-instance-vpn4] quit
# Associate VSI-interface 1 with VPN instance vpn1, and configure the L3 VXLAN ID as 1001
for the VPN instance.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface1] l3-vni 1001
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn2, and configure the L3 VXLAN ID as 1122
for the VPN instance.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchC-Vsi-interface2] l3-vni 1122

169
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# Associate VSI-interface 4 with VPN instance vpn4, and configure the L3 VXLAN ID as 1133
for the VPN instance.
[SwitchC] interface vsi-interface 4
[SwitchC-Vsi-interface4] ip binding vpn-instance vpn4
[SwitchC-Vsi-interface4] l3-vni 1133
[SwitchC-Vsi-interface4] pim sm
[SwitchC-Vsi-interface4] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit

# Enable IP multicast routing for VPN instance vpn2.

[SwitchC] multicast routing vpn-instance vpn2
[SwitchC-mrib-vpn2] quit

# Enable IP multicast routing for VPN instance vpn4.

[SwitchC] multicast routing vpn-instance vpn4
[SwitchC-mrib-vpn4] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group and MVXLAN source interface, and enable multicast
DCI.
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] source loopback 0
[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchC] interface loopback 1
[SwitchC-LoopBack0] ip address 77.77.77.77 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] quit
# Configure Loopback 1.
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 77.77.77.77 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# Configure Loopback 2.
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpn2
[SwitchC-LoopBack2] ip address 77.77.77.77 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# Configure Loopback 4.
[SwitchC] interface loopback 4

170
 [SwitchC-LoopBack4] ip binding vpn-instance vpn4
[SwitchC-LoopBack4] ip address 77.77.77.77 32
[SwitchC-LoopBack4] pim sm
[SwitchC-LoopBack4] quit
# Configure VLAN-interface 70 that is connected to remote EDs.
[SwitchC] interface vlan-interface 70
[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0
[SwitchC-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface70] dci enable
[SwitchC-Vlan-interface70] quit
# Configure VLAN-interface 90 that is connected to remote EDs.
[SwitchC] interface vlan-interface 90
[SwitchC-Vlan-interface90] ip address 79.1.1.1 255.255.255.0
[SwitchC-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface90] dci enable
[SwitchC-Vlan-interface90] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 77.77.77.77
[SwitchC-pim-vpn1] c-rp 77.77.77.77
[SwitchC-pim-vpn1] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpn2.
[SwitchC] pim vpn-instance vpn2
[SwitchC-pim-vpn2] c-bsr 77.77.77.77
[SwitchC-pim-vpn2] c-rp 77.77.77.77
[SwitchC-pim-vpn2] quit
# Enter VPN instance PIM view, and configure Loopback 4 as a candidate-BSR and
candidate-RP in VPN instance vpn4.
[SwitchC] pim vpn-instance vpn4
[SwitchC-pim-vpn4] c-bsr 77.77.77.77
[SwitchC-pim-vpn4] c-rp 77.77.77.77
[SwitchC-pim-vpn4] quit
7. Configure Switch D:
# Enable L2VPN and IP multicast routing.
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enable the IGMP snooping feature.
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable

# Configure BGP to advertise BGP EVPN routes.

[SwitchD] bgp 200

171
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 as-number 100
[SwitchD-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchD-bgp-default] peer 99.99.99.99 as-number 300
[SwitchD-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchD-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchD-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchD-vpn-instance-vpn1] quit
# Configure RD and route target settings for VPN instance vpn2.
[SwitchD] ip vpn-instance vpn2
[SwitchD-vpn-instance-vpn2] route-distinguisher 2:11
[SwitchD-vpn-instance-vpn2] vpn-target 20:20 100:100 import-extcommunity
[SwitchD-vpn-instance-vpn2] vpn-target 200:200 export-extcommunity
[SwitchD-vpn-instance-vpn2] quit
# Configure RD and route target settings for VPN instance vpn3.
[SwitchD] ip vpn-instance vpn3
[SwitchD-vpn-instance-vpn3] route-distinguisher 2:111
[SwitchD-vpn-instance-vpn3] vpn-target 20:20 300:300 import-extcommunity

172
[SwitchD-vpn-instance-vpn3] vpn-target 2000:2000 export-extcommunity
[SwitchD-vpn-instance-vpn3] quit
# Associate VSI-interface 1 with VPN instance vpn1, and configure the L3 VXLAN ID as 1002
for the VPN instance.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] l3-vni 1002
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn2, and configure the L3 VXLAN ID as 1122
for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchD-Vsi-interface2] l3-vni 1122
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpn3, and configure the L3 VXLAN ID as 2233
for the VPN instance.
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpn3
[SwitchD-Vsi-interface3] l3-vni 2233
[SwitchD-Vsi-interface3] pim sm
[SwitchD-Vsi-interface3] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit

# Enable IP multicast routing for VPN instance vpn2.

[SwitchD] multicast routing vpn-instance vpn2
[SwitchD-mrib-vpn2] quit

# Enable IP multicast routing for VPN instance vpn3.

[SwitchD] multicast routing vpn-instance vpn3
[SwitchD-mrib-vpn3] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings, and enable multicast DCI. Configure the data group range to be the same as that on
Switch A to ensure correct forwarding.
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] source loopback 0
[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# Configure VLAN-interface 70 that is connected to remote EDs.
[SwitchD] interface vlan-interface 70
[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0
[SwitchD-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface70] dci enable

173
[SwitchD-Vlan-interface70] quit
# Configure VLAN-interface 80 that is connected to remote EDs.
[SwitchD] interface vlan-interface 80
[SwitchD-Vlan-interface80] ip address 89.1.1.1 255.255.255.0
[SwitchD-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface80] dci enable
[SwitchD-Vlan-interface80] quit
# Configure Loopback 0.
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 88.88.88.88 32
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] quit
# Configure Loopback 1.
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 88.88.88.88 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# Configure Loopback 2.
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip binding vpn-instance vpn2
[SwitchD-LoopBack2] ip address 88.88.88.88 32
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# Configure Loopback 3.
[SwitchD] interface loopback 3
[SwitchD-LoopBack3] ip binding vpn-instance vpn3
[SwitchD-LoopBack3] ip address 88.88.88.88 32
[SwitchD-LoopBack3] pim sm
[SwitchD-LoopBack3] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 88.88.88.88
[SwitchD-pim-vpn1] c-rp 88.88.88.88
[SwitchD-pim-vpn1] quit
# Enter VPN instance PIM view, and configure Loopback 2 as a candidate-BSR and
candidate-RP in VPN instance vpn2.
[SwitchD] pim vpn-instance vpn2
[SwitchD-pim-vpn2] c-bsr 88.88.88.88
[SwitchD-pim-vpn2] c-rp 88.88.88.88
[SwitchD-pim-vpn2] quit
# Enter VPN instance PIM view, and configure Loopback 3 as a candidate-BSR and
candidate-RP in VPN instance vpn3.
[SwitchD] pim vpn-instance vpn3
[SwitchD-pim-vpn3] c-bsr 88.88.88.88
[SwitchD-pim-vpn3] c-rp 88.88.88.88

174
 [SwitchD-pim-vpn3] quit
8. Configure Switch E:
# Enable L2VPN and IP multicast routing.
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
# Enable the IGMP snooping feature.
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable

# Create VLAN 21 and enter its view.

[SwitchE] vlan 21
[SwitchE-vlan12] quit
# Create an EVPN instance on VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 21.

[SwitchE-vsi-vpna] vxlan 21
[SwitchE-vsi-vpna-vxlan-21] quit
[SwitchE-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 88.88.88.88 as-number 200
[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 21.
[SwitchE] interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchE-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 21
[SwitchE-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchE-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 21

# Map Ethernet service instance 100 to VSI vpna.

[SwitchE-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchE-Twenty-FiveGigE1/0/1-srv100] quit

175
# Configure RD and route target settings for VPN instance vpn1.
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 import-extcommunity
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchE-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1002
for the VPN instance.
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1002
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] source loopback 0
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] quit
# Configure Loopback 1.
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4

176
 [SwitchE-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
9. Configure Switch F:
# Enable L2VPN and IP multicast routing.
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
# Enable the IGMP snooping feature.
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable

# Configure BGP to advertise BGP EVPN routes.

[SwitchF] bgp 300
[SwitchF-bgp-default] peer 6.6.6.6 as-number 300
[SwitchF-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 as-number 100
[SwitchF-bgp-default] peer 77.77.77.77 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchF-bgp-default] peer 88.88.88.88 as-number 200
[SwitchF-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchF-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchF-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchF-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt

177
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 3:1
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 1000:1000 2000:2000 import-extcommunity
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity
[SwitchF-vpn-instance-vpn1] quit
# Configure RD and route target settings for VPN instance vpn3.
[SwitchF] ip vpn-instance vpn3
[SwitchF-vpn-instance-vpn3] route-distinguisher 3:11
[SwitchF-vpn-instance-vpn3] vpn-target 30:30 2000:2000 import-extcommunity
[SwitchF-vpn-instance-vpn3] vpn-target 300:300 export-extcommunity
[SwitchF-vpn-instance-vpn3] quit
# Configure RD and route target settings for VPN instance vpn4.
[SwitchF] ip vpn-instance vpn4
[SwitchF-vpn-instance-vpn4] route-distinguisher 3:111
[SwitchF-vpn-instance-vpn4] vpn-target 30:30 1000:1000 import-extcommunity
[SwitchF-vpn-instance-vpn4] vpn-target 3000:3000 export-extcommunity
[SwitchF-vpn-instance-vpn4] quit
# Associate VSI-interface 1 with VPN instance vpn1, and configure the L3 VXLAN ID as 1003
for the VPN instance.
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface1] l3-vni 1003
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance vpn3, and configure the L3 VXLAN ID as 2233
for the VPN instance.
[SwitchF] interface vsi-interface 3
[SwitchF-Vsi-interface3] ip binding vpn-instance vpn3
[SwitchF-Vsi-interface3] l3-vni 2233
[SwitchF-Vsi-interface3] pim sm
[SwitchF-Vsi-interface3] quit
# Associate VSI-interface 4 with VPN instance vpn4, and configure the L3 VXLAN ID as 1133
for the VPN instance.
[SwitchF] interface vsi-interface 4
[SwitchF-Vsi-interface4] ip binding vpn-instance vpn4
[SwitchF-Vsi-interface4] l3-vni 1133
[SwitchF-Vsi-interface4] pim sm
[SwitchF-Vsi-interface4] quit

# Enable IP multicast routing for VPN instance vpn1.

[SwitchF] multicast routing vpn-instance vpn1
[SwitchF-mrib-vpn1] quit

# Enable IP multicast routing for VPN instance vpn2.

[SwitchF] multicast routing vpn-instance vpn3
[SwitchF-mrib-vpn3] quit

178
# Enable IP multicast routing for VPN instance vpn4.
[SwitchF] multicast routing vpn-instance vpn4
[SwitchF-mrib-vpn4] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the default group, MVXLAN source interface, and data group range
settings, and enable multicast DCI. Configure the data group range to be the same as that on
Switch A to ensure correct forwarding.
[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchF-mvxlan-vpn1] address-family ipv4
[SwitchF-mvxlan-vpn1-ipv4] source loopback 0
[SwitchF-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchF-mvxlan-vpn1-ipv4] data-group 239.1.1.0 30
[SwitchF-mvxlan-vpn1-ipv4] dci enable
[SwitchF-mvxlan-vpn1-ipv4] quit
[SwitchF-mvxlan-vpn1] quit
# Configure VLAN-interface 80 that is connected to remote EDs.
[SwitchF] interface vlan-interface 80
[SwitchF-Vlan-interface80] ip address 89.1.1.2 255.255.255.0
[SwitchF-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface80] dci enable
[SwitchF-Vlan-interface80] quit
# Configure VLAN-interface 90 that is connected to remote EDs.
[SwitchF] interface vlan-interface 90
[SwitchF-Vlan-interface90] ip address 79.1.1.2 255.255.255.0
[SwitchF-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface90] dci enable
[SwitchF-Vlan-interface90] quit
# Configure Loopback 0.
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 99.99.99.99 32
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] pim sm
[SwitchF-LoopBack0] quit
# Configure Loopback 1.
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance vpn1
[SwitchF-LoopBack1] ip address 99.99.99.99 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# Configure Loopback 3.
[SwitchF] interface loopback 3
[SwitchF-LoopBack3] ip binding vpn-instance vpn3
[SwitchF-LoopBack3] ip address 99.99.99.99 32
[SwitchF-LoopBack3] pim sm
[SwitchF-LoopBack3] quit
# Configure Loopback 4.
[SwitchF] interface loopback 4
[SwitchF-LoopBack4] ip binding vpn-instance vpn4

179
 [SwitchF-LoopBack4] ip address 99.99.99.99 32
[SwitchF-LoopBack4] pim sm
[SwitchF-LoopBack4] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchF] pim vpn-instance vpn1
[SwitchF-pim-vpn1] c-bsr 99.99.99.99
[SwitchF-pim-vpn1] c-rp 99.99.99.99
[SwitchF-pim-vpn1] quit
# Enter VPN instance PIM view, and configure Loopback 3 as a candidate-BSR and
candidate-RP in VPN instance vpn3.
[SwitchF] pim vpn-instance vpn3
[SwitchF-pim-vpn3] c-bsr 99.99.99.99
[SwitchF-pim-vpn3] c-rp 99.99.99.99
[SwitchF-pim-vpn3] quit
# Enter VPN instance PIM view, and configure Loopback 4 as a candidate-BSR and
candidate-RP in VPN instance vpn4.
[SwitchF] pim vpn-instance vpn4
[SwitchF-pim-vpn4] c-bsr 99.99.99.99
[SwitchF-pim-vpn4] c-rp 99.99.99.99
[SwitchF-pim-vpn4] quit
10. Configure Switch G:
# Enable L2VPN and IP multicast routing.
<SwitchG> system-view
[SwitchG] l2vpn enable
[SwitchG] multicast routing
[SwitchG-mrib] quit
# Enable the IGMP snooping feature.
[SwitchG] igmp-snooping
[SwitchG-igmp-snooping] quit
# Disable remote MAC address learning and remote ARP learning.
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable

# Create VLAN 31 and enter its view.

[SwitchG] vlan 31
[SwitchG-vlan31] quit
# Create an EVPN instance on VSI vpna.
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] evpn encapsulation vxlan
[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpna-evpn-vxlan] quit
# Enable IGMP snooping and IGMP snooping proxying on VSI vpna.
[SwitchG-vsi-vpna] igmp-snooping enable
[SwitchG-vsi-vpna] igmp-snooping proxy enable

# Create VXLAN 31.

[SwitchG-vsi-vpna] vxlan 31
[SwitchG-vsi-vpna-vxlan-31] quit

180
[SwitchG-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchG] bgp 300
[SwitchG-bgp-default] peer 99.99.99.99 as-number 300
[SwitchG-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchG-bgp-default-evpn] peer 99.99.99.99 next-hop-local
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# On Twenty-FiveGigE 1/0/1, create Ethernet service instance 100 to match VLAN 31.
[SwitchG] interface twenty-fivegige 1/0/1
[SwitchG-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchG-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 31
[SwitchG-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchG-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 31

# Map Ethernet service instance 100 to VSI vpna.

[SwitchG-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchG-Twenty-FiveGigE1/0/1-srv100] quit
# Configure RD and route target settings for VPN instance vpn1.
[SwitchG] ip vpn-instance vpn1
[SwitchG-vpn-instance-vpn1] route-distinguisher 3:2
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 import-extcommunity
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity
[SwitchG-vpn-instance-vpn1] quit
# Configure VSI-interface 1.
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 192.168.60.1 255.255.255.0
[SwitchG-Vsi-interface1] igmp enable
[SwitchG-Vsi-interface1] pim sm
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1002
for the VPN instance.
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1003
[SwitchG-Vsi-interface2] pim sm
[SwitchG-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance vpn1.
[SwitchG] multicast routing vpn-instance vpn1
[SwitchG-mrib-vpn1] quit
# Create an MDT-based MVXLAN for VPN instance vpn1 and enter MVXLAN IPv4 address
family view. Configure the MVXLAN source interface.
[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchG-mvxlan-vpn1] address-family ipv4
[SwitchG-mvxlan-vpn1-ipv4] source loopback 0

181
 [SwitchG-mvxlan-vpn1-ipv4] quit
[SwitchG-mvxlan-vpn1] quit
# Configure Loopback 0.
[SwitchG] interface loopback 0
[SwitchG-LoopBack0] ip address 6.6.6.6 32
[SwitchG-LoopBack0] ospf 1 area 0.0.0.0
[SwitchG-LoopBack0] pim sm
[SwitchG-LoopBack0] quit
# Configure Loopback 1.
[SwitchG] interface loopback 1
[SwitchG-LoopBack1] ip binding vpn-instance vpn1
[SwitchG-LoopBack1] ip address 6.6.6.6 32
[SwitchG-LoopBack1] pim sm
[SwitchG-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance vpn1.
[SwitchG] pim vpn-instance vpn1
[SwitchG-pim-vpn1] c-bsr 6.6.6.6
[SwitchG-pim-vpn1] c-rp 6.6.6.6
[SwitchG-pim-vpn1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] gateway vsi-interface 1
[SwitchG-vsi-vpna] quit

Verifying the configuration

1. Verify the multicast routing information on Switch A, Switch B, Switch E, and Switch G. This
step uses Switch A as an example.
# Verify that Switch A has multicast routing entries for VPN instance vpn1.
<SwitchA> display pim vpn-instance vpn routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL

182
 RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# Verify that Switch A has multicast routing entries for the public network.
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:08:58
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:08:06, Expires: 00:03:26

(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:07:53
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:07:53, Expires: -

(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:08:06
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:08:06, Expires: -

(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

183
 UpTime: 01:07:53
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:07:53, Expires: 00:02:39
2. Verify the multicast routing information on the EDs. This step uses Switch C as an example.
# Verify that Switch C has multicast routing entries for VPN instance vpn1.
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:09:14
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:09:14, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:58:36
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpn2)
Protocol: MD, UpTime: 00:58:36, Expires: -
2: Extranet (VPN: vpn4)
Protocol: MD, UpTime: 00:58:36, Expires: -
# Verify that Switch C has multicast routing entries for VPN instance vpn2.
<SwitchC> display pim vpn-instance vpn2 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC
UpTime: 01:39:28
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL

184
 RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:28, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT
UpTime: 01:39:24
Upstream interface: Extranet (VPN: vpn1)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:24, Expires: -
# Verify that Switch C has multicast routing entries for VPN instance vpn4.
<SwitchC> display pim vpn-instance vpn4 routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC
UpTime: 01:04:54
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface4
Protocol: MD, UpTime: 01:04:54, Expires: -

(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT
UpTime: 01:00:09
Upstream interface: Extranet (VPN: vpn1)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface4
Protocol: MD, UpTime: 01:00:09, Expires: -
# Verify that Switch C has multicast routing entries for the public network.
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

185
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:21
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:21, Expires: -

(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:08
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:20
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -

(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:30:55
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:21, Expires: 00:03:07
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:29:08
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1

186
 RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -

Example: Configuring Layer 3 multicast without L3 VXLAN

ID mapping in a DCI multihoming scenario
Network configuration
As shown in Figure 19, the multicast source of multicast group 225.0.0.1 is attached to S witch A,
and the receivers of the multicast group are attached to Switch B, Switch J, and Switch L. Configure
Layer 3 multicast in a DCI multihoming scenario as follows:
• For DC 1, configure Switch A and Switch B as VTEPs, configure Switch C as an RR, and
configure Switch D, Switch E, and Switch F as EDs.
• For DC 2, configure Switch J as a VTEP, and configure Switch H and Switch I as EDs.
• For DC 3, configure Switch L as a VTEP, and configure Switch K as an ED.
• Assign L3 VXLAN ID 1000 to DC 1, DC 2, and DC 3.
• Configure Switch G to connect all the EDs.
• On Switch A through Switch L, configure PIM SM on the public-network interfaces used for
intra-data center connection. On Switch A, Switch B, Switch J, and Switch L, enable IGMP
snooping for multicat entry creation.

187
Figure 19 Network diagram

Source

Vlan-int3

Vlan-int30 Vlan-int3
Vlan-int6
Vlan-int4 Vlan-int300
Vlan-int10 Vlan-int6
Vlan-int10 Vlan-int4

Vlan-int9
Vlan-int40 Vlan-int300

Vlan-int20 Vlan-int40
Vlan-int20 Vlan-int50 Sw itch E
Sw itch C Vlan-int7
Vlan-int200

Vlan-int50 Vlan-int5

Vlan-int9

Vlan-int100

Vlan-int100

Device Interface IP address Device Interface IP address

Switch A Loop0 1.1.1.1/32 Switch B Loop0 2.2.2.2/32
Loop1 1.1.1.1/32 Loop1 2.2.2.2/32
Vlan-int10 121.121.121.1/24 WGE1/0/1 -
WGE1/0/2 - Vlan-int20 122.122.122.2/24
VSI-int1 10.0.0.1/24 VSI-int1 10.0.0.1/24
VSI-int2 - VSI-int2 -
Switch C Loop0 12.12.12.12/32 Swtich D Loop0 3.3.3.3/32
Vlan-int10 121.121.121.12/24 Loop1 3.3.3.3/32
Vlan-int20 122.122.122.12/24 Loop2 3.4.5.0/32
Vlan-int30 123.123.123.12/24 Vlan-int3 113.113.113.3/24
Vlan-int40 124.124.124.12/24 Vlan-int30 123.123.123.3/24
Vlan-int50 125.125.125.12/24 VSI-int2 -
Swtich E Loop0 4.4.4.4/32 Swtich F Loop0 5.5.5.5/32
Loop1 4.4.4.4/32 Loop1 5.5.5.5/32
Loop2 3.4.5.0/32 Loop2 3.4.5.0/32
Vlan-int4 114.114.114.4/24 Vlan-int50 125.125.125.5/24
Vlan-int40 124.124.124.4/24 Vlan-int5 115.115.115.5/24
VSI-int2 - VSI-int2 -
Swtich G Loop0 11.11.11.11/32 Switch J Loop0 8.8.8.8/32

188
 Device Interface IP address Device Interface IP address
Vlan-int3 113.113.113.11/24 Loop1 8.8.8.8/32
Vlan-int4 114.114.114.11/24 WGE1/0/1 -
Vlan-int5 115.115.115.11/24 Vlan-int200 78.78.78.87/24
Vlan-int9 119.119.119.11/24 Vlan-int300 68.68.68.86/24
Vlan-int7 117.117.117.11/24 VSI-int1 10.0.0.1/24
Vlan-int6 116.116.116.11/24 VSI-int2 -
Switch H Loop0 6.6.6.6/32 Switch I Loop0 7.7.7.7/32
Loop1 6.6.6.6/32 Loop1 7.7.7.7/32
Loop2 2.2.1.1/32 Loop2 2.2.1.1/32
Vlan-int300 68.68.68.68/24 Vlan-int7 117.117.117.7/24
Vlan-int6 116.116.116.6/24 Vlan-int200 78.78.78.78/24
VSI-int2 - VSI-int2 -
Swtich K Loop0 9.9.9.9/32 Switch L Loop0 10.10.10.10/32
Loop1 9.9.9.9/32 Loop1 10.10.10.10/32
Vlan-int100 109.109.109.9/24 Vlan-int100 109.109.109.10/24
Vlan-int9 119.119.119.9/24 WGE1/0/2 -
VSI-int2 - VSI-int1 10.0.0.1/24
VSI-int2 -

Procedure
1. Set the VXLAN hardware resource mode on Switches A through F and Switches H through L
and reboot the switches. This step uses Switch A as an example.
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
. ..... DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. Configure IP addresses, PIM SM, and unicast routing settings:
# On the multicast source and receivers, specify 10.0.0.1 as the gateway address. (Details not
shown.)
# Assign IP addresses to interfaces, as shown in Figure 19. (Details not shown.)
# Configure OSPF in each data center for the switches in a data center to reach one another.
(Details not shown.)
# Enable PIM SM on the VLAN interfaces that interconnect the devices in a data center.
(Details not shown.)
# Verify that PIM SM is disabled on the VLAN interfaces that interconnect the EDs. (Details not
shown.)
3. Configure Switch A:
# Enable L2VPN and IP multicast routing, start an OSPF process, and create VLAN 11.
<SwitchA> system-view

189
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] pim
[SwitchA-pim] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# Enable the IGMP snooping feature.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Configure Loopback 0.
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# Enable default IPv4 VXLAN decapsulation.
[SwitchA] vxlan default-decapsulation source interface loopback 0
# Create an EVPN instance on VSI 1.
[SwitchA] vsi 1
[SwitchA-vsi-1] evpn encapsulation vxlan
[SwitchA-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-1-evpn-vxlan] quit
# Enable IGMP snooping on VSI 1.
[SwitchA-vsi-1] igmp-snooping enable
# Create VXLAN 10.
[SwitchA-vsi-1] vxlan 10
[SwitchA-vsi-1-vxlan-10] quit
# Configure BGP to advertise BGP EVPN routes and enable the BGP additional path receiving
capability.
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 12.12.12.12 as-number 100
[SwitchA-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchA-bgp-default-evpn] peer 12.12.12.12 additional-paths receive
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On server-facing interface Twenty-FiveGigE 1/0/2, create Ethernet service instance 11 to
match VLAN 11.
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-mode bridge
[SwitchA-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/2] port trunk permit vlan 1 11

190
[SwitchA-Twenty-FiveGigE1/0/2] service-instance 11
[SwitchA-Twenty-FiveGigE1/0/2-srv11] encapsulation s-vid 11
# Map Ethernet service instance 11 to VSI 1.
[SwitchA-Twenty-FiveGigE1/0/2-srv11] xconnect vsi 1
[SwitchA-Twenty-FiveGigE1/0/2-srv11] quit
[SwitchA-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance a.
[SwitchA] ip vpn-instance a
[SwitchA-vpn-instance-a] route-distinguisher 1:1
[SwitchA-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchA-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchA-vpn-instance-a] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance a
[SwitchA-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] mac-address 0001-0001-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance a
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# Enable IP multicast routing for the public network.
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] pim
[SwitchA-pim] quit
# Enable IP multicast routing for VPN instance a.
[SwitchA] multicast routing vpn-instance a
[SwitchA-mrib-a] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchA] pim vpn-instance a
[SwitchA-pim-a] c-bsr 1.1.1.1
[SwitchA-pim-a] c-rp 1.1.1.1
[SwitchA-pim-a] quit
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group, MVXLAN source interface, and data group range settings.
Enable advertising active multicast sources through S-PMSI routes. Set the data-delay period
to 20 seconds, which is longer than the default frequency of sending the same route update to
a peer or peer group.
[SwitchA] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchA-mvxlan-a] address-family ipv4

191
 [SwitchA-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchA-mvxlan-a-ipv4] source loopback 0
[SwitchA-mvxlan-a-ipv4] data-group 239.0.0.0 30
[SwitchA-mvxlan-a-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-a-ipv4] data-delay 20
[SwitchA-mvxlan-a-ipv4] quit
[SwitchA-mvxlan-a] quit
# Configure Loopback 1.
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance a
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# Specify VSI-interface 1 as the gateway interface for VSI 1.
[SwitchA] vsi 1
[SwitchA-vsi-1] gateway vsi-interface 1
[SwitchA-vsi-1] quit
4. Configure Switch B:
# Enable L2VPN and IP multicast routing, start an OSPF process, and create VLAN 22.
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] pim
[SwitchB-pim] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB] vlan 22
[SwitchB-vlan22] quit
# Enable the IGMP snooping feature.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Configure Loopback 0.
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# Enable default IPv4 VXLAN decapsulation.
[SwitchB] vxlan default-decapsulation source interface loopback 0
# Create an EVPN instance on VSI 1.
[SwitchB] vsi 1
[SwitchB-vsi-1] evpn encapsulation vxlan
[SwitchB-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-1-evpn-vxlan] quit
# Enable IGMP snooping on VSI 1.

192
[SwitchB-vsi-1] igmp-snooping enable
# Create VXLAN 10.
[SwitchB-vsi-1] vxlan 10
[SwitchB-vsi-1-vxlan-10] quit
# Configure BGP to advertise BGP EVPN routes and enable the BGP additional path receiving
capability.
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 12.12.12.12 as-number 100
[SwitchB-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchB-bgp-default-evpn] peer 12.12.12.12 additional-paths receive
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On server-facing interface Twenty-FiveGigE 1/0/1, create Ethernet service instance 22 to
match VLAN 22.
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-mode bridge
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 22
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 22
[SwitchB-Twenty-FiveGigE1/0/1-srv22] encapsulation s-vid 22
# Map Ethernet service instance 22 to VSI 1.
[SwitchB-Twenty-FiveGigE1/0/1-srv22] xconnect vsi 1
[SwitchB-Twenty-FiveGigE1/0/1-srv22] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance a.
[SwitchB] ip vpn-instance a
[SwitchB-vpn-instance-a] route-distinguisher 2:2
[SwitchB-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchB-vpn-instance-a] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance a
[SwitchB-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 0001-0001-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance a
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit

193
 # Enable IP multicast routing for the public network.
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] pim
[SwitchB-pim] quit
# Enable IP multicast routing for VPN instance a.
[SwitchB] multicast routing vpn-instance a
[SwitchB-mrib-a] quit

# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchB] pim vpn-instance a
[SwitchB-pim-a] c-bsr 2.2.2.2
[SwitchB-pim-a] c-rp 2.2.2.2
[SwitchB-pim-a] quit
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the MVXLAN source interface.
[SwitchB] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchB-mvxlan-a] address-family ipv4
[SwitchB-mvxlan-a-ipv4] source loopback 0
[SwitchB-mvxlan-a-ipv4] quit
[SwitchB-mvxlan-a] quit
# Configure Loopback 1.
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance a
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# Specify VSI-interface 1 as the gateway interface for VSI 1.
[SwitchB] vsi 1
[SwitchB-vsi-1] gateway vsi-interface 1
[SwitchB-vsi-1] quit
5. Configure Switch C:
# Enable IP multicast routing and start an OSPF process.
<SwitchC> system-view
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] pim
[SwitchC-pim] quit
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Configure Loopback 0.
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 12.12.12.12 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit

194
 # Configure Switch C as an RR to reflect BGP EVPN routes between switches. Enable the
BGP additional path sending capability to Switch A and Switch B, and set the maximum
number of Add-Path optimal routes that can be advertised. The maximum number of Add-Path
optimal routes cannot be smaller than the number of peer EDs.
[SwitchC] bgp 100
[SwitchC-bgp-default] group ED internal
[SwitchC-bgp-default] peer ED connect-interface loopback 0
[SwitchC-bgp-default] group VTEP internal
[SwitchC-bgp-default] peer VTEP connect-interface loopback 0
[SwitchC-bgp-default] peer 1.1.1.1 group VTEP
[SwitchC-bgp-default] peer 2.2.2.2 group VTEP
[SwitchC-bgp-default] peer 3.3.3.3 group ED
[SwitchC-bgp-default] peer 4.4.4.4 group ED
[SwitchC-bgp-default] peer 5.5.5.5 group ED
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] additional-paths select-best 3
[SwitchC-bgp-default-evpn] peer ED enable
[SwitchC-bgp-default-evpn] peer ED reflect-client
[SwitchC-bgp-default-evpn] peer VTEP enable
[SwitchC-bgp-default-evpn] peer VTEP reflect-client
[SwitchC-bgp-default-evpn] peer VTEP additional-paths send
[SwitchC-bgp-default-evpn] peer VTEP advertise additional-paths best 3
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
6. Configure Switch D:
# Enable L2VPN and IP multicast routing, and start an OSPF process and a RIP process.
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] pim
[SwitchD-pim] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
[SwitchD] rip 1
[SwitchD-rip-1] network 3.0.0.0
[SwitchD-rip-1] network 113.0.0.0
[SwitchD-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchD] interface vlan-interface 3
[SwitchD-Vlan-interface3] rip 1 enable
[SwitchD-Vlan-interface3] dci enable
[SwitchD-Vlan-interface3] quit

195
# Specify virtual ED address 3.4.5.0.
[SwitchD] evpn edge group 3.4.5.0
# Configure RD and route target settings for VPN instance a.
[SwitchD] ip vpn-instance a
[SwitchD-vpn-instance-a] route-distinguisher 3:3
[SwitchD-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchD-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchD-vpn-instance-a] quit
# Configure Loopback 0.
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 3.3.3.3 32
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] quit
# Configure Loopback 1.
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance a
[SwitchD-LoopBack1] ip address 3.3.3.3 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# Configure Loopback 2.
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip address 3.4.5.0 32
[SwitchD-LoopBack2] rip 1 enable
[SwitchD-LoopBack2] ospf 1 area 0.0.0.0
[SwitchD-LoopBack2] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance a
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit

# Enable IP multicast routing for VPN instance a.

[SwitchD] multicast routing vpn-instance a
[SwitchD-mrib-a] quit

# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchD] pim vpn-instance a
[SwitchD-pim-a] c-bsr 3.3.3.3
[SwitchD-pim-a] c-rp 3.3.3.3
[SwitchD-pim-a] quit
# Specify peer EDs for the local ED.
[SwitchD] multicast-vpn vxlan edge remote 4.4.4.4
[SwitchD] multicast-vpn vxlan edge remote 5.5.5.5
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group and MVXLAN source interface, and enable multicast DCI.
[SwitchD] multicast-vpn vxlan vpn-instance a mode mdt

196
[SwitchD-mvxlan-a] address-family ipv4
[SwitchD-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchD-mvxlan-a-ipv4] source loopback 0
[SwitchD-mvxlan-a-ipv4] dci enable
[SwitchD-mvxlan-a-ipv4] quit
[SwitchD-mvxlan-a] quit
# Configure a routing policy. Configure Switch D to not forward the SMET and S -PMSI routes
received from Switch H and Switch I to Switch K. Configure Switch D to not forward the SMET
and S-PMSI routes received from Switch K to Switch H and Switch I.
[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchD] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchD] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchD] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchD] route-policy dc2 deny node 0
[SwitchD-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchD-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchD-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchD-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchD-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchD-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-dc3-1] quit
# Configure a routing policy to change the next hop of the S-PMSI routes sent from Switch D to
Switch C to 3.3.3.3.
[SwitchD] route-policy rt_spmsi permit node 0
[SwitchD-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchD-route-policy-rt_spmsi-0] apply ip-address next-hop 3.3.3.3
[SwitchD-route-policy-rt_spmsi-0] quit
[SwitchD] route-policy rt_spmsi permit node 1
[SwitchD-route-policy-rt_spmsi-1] quit
# Enable BGP to advertise BGP EVPN routes and configure Switch C as an RR.
[SwitchD] bgp 100
[SwitchD-bgp-default] group ED2 external
[SwitchD-bgp-default] peer ED2 as-number 200
[SwitchD-bgp-default] peer ED2 connect-interface loopback 0
[SwitchD-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchD-bgp-default] peer 6.6.6.6 group ED2
[SwitchD-bgp-default] peer 7.7.7.7 group ED2
[SwitchD-bgp-default] peer 9.9.9.9 as-number 300
[SwitchD-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchD-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchD-bgp-default] peer 12.12.12.12 as-number 100
[SwitchD-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] undo policy vpn-target
[SwitchD-bgp-default-evpn] peer ED2 enable
[SwitchD-bgp-default-evpn] peer ED2 route-policy dc2 export

197
 [SwitchD-bgp-default-evpn] peer ED2 router-mac-local
[SwitchD-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchD-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchD-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchD-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchD-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
7. Configure Switch E:
# Enable L2VPN and IP multicast routing, and start an OSPF process and a RIP process.
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] pim
[SwitchE-pim] quit
[SwitchE] ospf 1
[SwitchE-ospf-1] area 0.0.0.0
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE] rip 1
[SwitchE-rip-1] network 4.0.0.0
[SwitchE-rip-1] network 114.0.0.0
[SwitchE-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchE] interface vlan-interface 4
[SwitchE-Vlan-interface4] rip 1 enable
[SwitchE-Vlan-interface4] dci enable

# Configure Loopback 0.
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] rip 1 enable
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] quit
# Configure RD and route target settings for VPN instance a.
[SwitchE] ip vpn-instance a
[SwitchE-vpn-instance-a] route-distinguisher 4:4
[SwitchE-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchE-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchE-vpn-instance-a] quit
# Configure Loopback 1.
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance a
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit

198
# Configure Loopback 2.
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip address 3.4.5.0 32
[SwitchE-LoopBack2] rip 1 enable
[SwitchE-LoopBack2] ospf 1 area 0.0.0.0
[SwitchE-LoopBack2] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance a
[SwitchE-Vsi-interface2] l3-vni 1000
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# Specify virtual ED address 3.4.5.0.
[SwitchE] evpn edge group 3.4.5.0
# Enable IP multicast routing for VPN instance a.
[SwitchE] multicast routing vpn-instance a
[SwitchE-mrib-a] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchE] pim vpn-instance a
[SwitchE-pim-a] c-bsr 4.4.4.4
[SwitchE-pim-a] c-rp 4.4.4.4
[SwitchE-pim-a] quit
# Specify peer EDs for the local ED.
[SwitchE] multicast-vpn vxlan edge remote 3.3.3.3
[SwitchE] multicast-vpn vxlan edge remote 5.5.5.5
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group and MVXLAN source interface, and enable multicast DCI.
[SwitchE] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchE-mvxlan-a] address-family ipv4
[SwitchE-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchE-mvxlan-a-ipv4] source loopback 0
[SwitchE-mvxlan-a-ipv4] dci enable
[SwitchE-mvxlan-a-ipv4] quit
[SwitchE-mvxlan-a] quit
# Configure a routing policy. Configure Switch E to not forward the SMET and S -PMSI routes
received from Switch H and Switch I to Switch K. Configure Switch E to not forward the SMET
and S-PMSI routes received from Switch K to Switch H and Switch I.
[SwitchE] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchE] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchE] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchE] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchE] route-policy dc2 deny node 0
[SwitchE-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchE-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchE-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-dc2-1] route-policy dc3 deny node 0

199
 [SwitchE-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchE-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchE-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-dc3-1] quit
# Configure a routing policy to change the next hop of the S-PMSI routes sent from Switch E to
Switch C to 4.4.4.4.
[SwitchE] route-policy rt_spmsi permit node 0
[SwitchE-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchE-route-policy-rt_spmsi-0] apply ip-address next-hop 4.4.4.4
[SwitchE-route-policy-rt_spmsi-0] quit
[SwitchE] route-policy rt_spmsi permit node 1
[SwitchE-route-policy-rt_spmsi-1] quit
# Enable BGP to advertise BGP EVPN routes and configure Switch C as an RR.
[SwitchE] bgp 100
[SwitchE-bgp-default] group ED2 external
[SwitchE-bgp-default] peer ED2 as-number 200
[SwitchE-bgp-default] peer ED2 connect-interface loopback 0
[SwitchE-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchE-bgp-default] peer 6.6.6.6 group ED2
[SwitchE-bgp-default] peer 7.7.7.7 group ED2
[SwitchE-bgp-default] peer 9.9.9.9 as-number 300
[SwitchE-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchE-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchE-bgp-default] peer 12.12.12.12 as-number 100
[SwitchE-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] undo policy vpn-target
[SwitchE-bgp-default-evpn] peer ED2 enable
[SwitchE-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchE-bgp-default-evpn] peer ED2 router-mac-local
[SwitchE-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchE-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchE-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchE-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchE-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
8. Configure Switch F:
# Enable L2VPN and IP multicast routing, and start an OSPF process and a RIP process.
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
[SwitchF] pim
[SwitchF-pim] quit
[SwitchF] ospf 1
[SwitchF-ospf-1] area 0.0.0.0

200
[SwitchF-ospf-1-area-0.0.0.0] quit
[SwitchF] rip 1
[SwitchF-rip-1] network 5.0.0.0
[SwitchF-rip-1] network 115.0.0.0
[SwitchF-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit

# Configure Loopback 0.
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 5.5.5.5 32
[SwitchF-LoopBack0] rip 1 enable
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] quit
# Configure RIP and enable DCI on the interface connected to a remote ED
[SwitchF] interface vlan-interface 5
[SwitchF-Vlan-interface5] rip 1 enable
[SwitchF-Vlan-interface5] dci enable
# Configure RD and route target settings for VPN instance a.
[SwitchF] ip vpn-instance a
[SwitchF-vpn-instance-a] route-distinguisher 5:5
[SwitchF-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchF-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchF-vpn-instance-a] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance a
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# Specify virtual ED address 3.4.5.0.
[SwitchF] evpn edge group 3.4.5.0
# Specify peer EDs for the local ED.
[SwitchF] multicast-vpn vxlan edge remote 3.3.3.3
[SwitchF] multicast-vpn vxlan edge remote 4.4.4.4

# Configure Loopback 1.
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance a
[SwitchF-LoopBack1] ip address 5.5.5.5 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# Configure Loopback 2.
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip address 3.4.5.0 32
[SwitchF-LoopBack2] rip 1 enable
[SwitchF-LoopBack2] ospf 1 area 0.0.0.0
[SwitchF-LoopBack2] quit

201
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchF] pim vpn-instance a
[SwitchF-pim-a] c-bsr 5.5.5.5
[SwitchF-pim-a] c-rp 5.5.5.5
[SwitchF-pim-a] quit
# Enable IP multicast routing for VPN instance a.
[SwitchF] multicast routing vpn-instance a
[SwitchF-mrib-a] quit
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group and MVXLAN source interface, and enable multicast DCI.
[SwitchF] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchF-mvxlan-a] address-family ipv4
[SwitchF-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchF-mvxlan-a-ipv4] source loopback 0
[SwitchF-mvxlan-a-ipv4] dci enable
[SwitchF-mvxlan-a-ipv4] quit
[SwitchF-mvxlan-a] quit
# Configure a routing policy. Configure Switch F to not forward the SMET and S -PMSI routes
received from Switch H and Switch I to Switch K. Configure Switch F to not forward the SMET
and S-PMSI routes received from Switch K to Switch H and Switch I.
[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchF] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchF] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchF] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchF] route-policy dc2 deny node 0
[SwitchF-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchF-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchF-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchF-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchF-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchF-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-dc3-1] quit
# Configure a routing policy to change the next hop of the S-PMSI routes sent from Switch F to
Switch C to 5.5.5.5.
[SwitchF] route-policy rt_spmsi permit node 0
[SwitchF-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchF-route-policy-rt_spmsi-0] apply ip-address next-hop 5.5.5.5
[SwitchF] quit
[SwitchF-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchF-route-policy-rt_spmsi-1] quit
# Enable BGP to advertise BGP EVPN routes and configure Switch C as an RR.
[SwitchF] bgp 100
[SwitchF-bgp-default] group ED2 external
[SwitchF-bgp-default] peer ED2 as-number 200
[SwitchF-bgp-default] peer ED2 connect-interface loopback 0

202
 [SwitchF-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchF-bgp-default] peer 6.6.6.6 group ED2
[SwitchF-bgp-default] peer 7.7.7.7 group ED2
[SwitchF-bgp-default] peer 9.9.9.9 as-number 300
[SwitchF-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchF-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchF-bgp-default] peer 12.12.12.12 as-number 100
[SwitchF-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] undo policy vpn-target
[SwitchF-bgp-default-evpn] peer ED2 enable
[SwitchF-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchF-bgp-default-evpn] peer ED2 router-mac-local
[SwitchF-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchF-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchF-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchF-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchF-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
9. Configure Switch G:
# Start a RIP process.
<SwitchG> system-view
[SwitchG] rip 1
[SwitchG-rip-1] network 113.0.0.0
[SwitchG-rip-1] network 114.0.0.0
[SwitchG-rip-1] network 115.0.0.0
[SwitchG-rip-1] network 116.0.0.0
[SwitchG-rip-1] network 117.0.0.0
[SwitchG-rip-1] network 119.0.0.0
[SwitchG-rip-1] quit
# Configure RIP on the interfaces connected to EDs.
[SwitchG] interface vlan-interface 3
[SwitchG-Vlan-interface3] rip 1 enable
[SwitchG-Vlan-interface3] quit
[SwitchG] interface vlan-interface 4
[SwitchG-Vlan-interface4] rip 1 enable
[SwitchG-Vlan-interface4] quit
[SwitchG] interface vlan-interface 5
[SwitchG-Vlan-interface5] rip 1 enable
[SwitchG-Vlan-interface5] quit
[SwitchG] interface vlan-interface 6
[SwitchG-Vlan-interface6] rip 1 enable
[SwitchG-Vlan-interface6] quit
[SwitchG] interface vlan-interface 7
[SwitchG-Vlan-interface7] rip 1 enable
[SwitchG-Vlan-interface7] quit
[SwitchG] interface vlan-interface 9

203
 [SwitchG-Vlan-interface9] rip 1 enable
[SwitchG-Vlan-interface9] quit
10. Configure Switch H:
# Enable L2VPN and IP multicast routing, and start an OSPF process and a RIP process.
<SwitchH> system-view
[SwitchH] l2vpn enable
[SwitchH] multicast routing
[SwitchH-mrib] quit
[SwitchH] pim
[SwitchH-pim] quit
[SwitchH] ospf 1
[SwitchH-ospf-1] area 0.0.0.0
[SwitchH-ospf-1-area-0.0.0.0] quit
[SwitchH] rip 1
[SwitchH-rip-1] network 2.0.0.0
[SwitchH-rip-1] network 6.0.0.0
[SwitchH-rip-1] network 116.0.0.0
[SwitchH-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchH] igmp-snooping
[SwitchH-igmp-snooping] quit
# Configure Loopback 0.
[SwitchH] interface loopback 0
[SwitchH-LoopBack0] ip address 6.6.6.6 32
[SwitchH-LoopBack0] rip 1 enable
[SwitchH-LoopBack0] ospf 1 area 0.0.0.0
[SwitchH-LoopBack0] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchH] interface vlan-interface 6
[SwitchH-Vlan-interface6] rip 1 enable
[SwitchH-Vlan-interface6] dci enable
[SwitchH-Vlan-interface6] quit
# Configure RD and route target settings for VPN instance a.
[SwitchH] ip vpn-instance a
[SwitchH-vpn-instance-a] route-distinguisher 6:6
[SwitchH-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchH-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchH-vpn-instance-a] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchH] interface vsi-interface 2
[SwitchH-Vsi-interface2] ip binding vpn-instance a
[SwitchH-Vsi-interface2] l3-vni 1000
[SwitchH-Vsi-interface2] pim sm
[SwitchH-Vsi-interface2] quit

# Configure Loopback 1.
[SwitchH] interface loopback 1
[SwitchH-LoopBack1] ip binding vpn-instance a

204
[SwitchH-LoopBack1] ip address 6.6.6.6 32
[SwitchH-LoopBack1] pim sm
[SwitchH-LoopBack1] quit
# Configure Loopback 2.
[SwitchH] interface loopback 2
[SwitchH-LoopBack2] ip address 2.2.1.1 32
[SwitchH-LoopBack2] rip 1 enable
[SwitchH-LoopBack2] ospf 1 area 0.0.0.0
[SwitchH-LoopBack2] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchH] pim vpn-instance a
[SwitchH-pim-a] c-bsr 6.6.6.6
[SwitchH-pim-a] c-rp 6.6.6.6
[SwitchH-pim-a] quit
# Enable IP multicast routing for VPN instance a.
[SwitchH] multicast routing vpn-instance a
[SwitchH-mrib-a] quit
# Specify virtual ED address 2.2.1.1.
[SwitchH] evpn edge group 2.2.1.1
# Specify peer EDs for the local ED.
[SwitchH] multicast-vpn vxlan edge remote 7.7.7.7
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group, MVXLAN source interface, and data group range settings,
and enable multicast DCI. Configure the data group range to be the same as that on Switch A
to ensure correct forwarding.
[SwitchH] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchH-mvxlan-a] address-family ipv4
[SwitchH-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchH-mvxlan-a-ipv4] source loopback 0
[SwitchH-mvxlan-a-ipv4] data-group 239.0.0.0 30
[SwitchH-mvxlan-a-ipv4] dci enable
[SwitchH-mvxlan-a-ipv4] quit
[SwitchH-mvxlan-a] quit
# Configure a routing policy. Configure Switch H to not forward the SMET and S -PMSI routes
received from Switch D, Switch E, and Switch F to Switch K. Configure Switch H to not forward
the SMET and S-PMSI routes received from Switch K to Switch D, Switch E, and Switch F.
[SwitchH] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchH] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchH] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchH] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchH] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchH] route-policy dc1 deny node 0
[SwitchH-route-policy-dc1-0] if-match ip route-source prefix-list 3
[SwitchH-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchH-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchH-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchH-route-policy-dc1-1] route-policy dc3 deny node 0
[SwitchH-route-policy-dc3-0] if-match ip route-source prefix-list 1

205
 [SwitchH-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchH-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchH-route-policy-dc3-1] if-match ip route-source prefix-list 0
[SwitchH-route-policy-dc3-1] quit
# Configure a routing policy to change the next hop of the S-PMSI routes sent from Switch H to
Switch J to 6.6.6.6.
[SwitchH] route-policy rt_spmsi permit node 0
[SwitchH-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchH-route-policy-rt_spmsi-0] apply ip-address next-hop 6.6.6.6
[SwitchH-route-policy-rt_spmsi-0] quit
[SwitchH] route-policy rt_spmsi permit node 1
[SwitchH-route-policy-rt_spmsi-1] quit
# Enable BGP to advertise BGP EVPN routes.
[SwitchH] bgp 200
[SwitchH-bgp-default] group ED1 external
[SwitchH-bgp-default] peer ED1 as-number 100
[SwitchH-bgp-default] peer ED1 connect-interface loopback 0
[SwitchH-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchH-bgp-default] peer 3.3.3.3 group ED1
[SwitchH-bgp-default] peer 4.4.4.4 group ED1
[SwitchH-bgp-default] peer 5.5.5.5 group ED1
[SwitchH-bgp-default] peer 7.7.7.7 as-number 200
[SwitchH-bgp-default] peer 7.7.7.7 connect-interface loopback 0
[SwitchH-bgp-default] peer 8.8.8.8 as-number 200
[SwitchH-bgp-default] peer 8.8.8.8 connect-interface loopback 0
[SwitchH-bgp-default] peer 9.9.9.9 as-number 300
[SwitchH-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchH-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchH-bgp-default] address-family l2vpn evpn
[SwitchH-bgp-default-evpn] peer ED1 enable
[SwitchH-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchH-bgp-default-evpn] peer ED1 router-mac-local
[SwitchH-bgp-default-evpn] peer 7.7.7.7 enable
[SwitchH-bgp-default-evpn] peer 7.7.7.7 next-hop-local
[SwitchH-bgp-default-evpn] peer 8.8.8.8 enable
[SwitchH-bgp-default-evpn] peer 8.8.8.8 route-policy rt_spmsi export
[SwitchH-bgp-default-evpn] peer 8.8.8.8 next-hop-local
[SwitchH-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchH-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchH-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchH-bgp-default-evpn] quit
[SwitchH-bgp-default] quit
11. Configure Switch I:
# Enable L2VPN and IP multicast routing, and start an OSPF process and a RIP process.
<SwitchI> system-view
[SwitchI] l2vpn enable
[SwitchI] multicast routing
[SwitchI-mrib] quit

206
[SwitchI] pim
[SwitchI-pim] quit
[SwitchI] ospf 1
[SwitchI-ospf-1] area 0.0.0.0
[SwitchI-ospf-1-area-0.0.0.0] quit
[SwitchI] rip 1
[SwitchI-rip-1] network 2.0.0.0
[SwitchI-rip-1] network 7.0.0.0
[SwitchI-rip-1] network 117.0.0.0
[SwitchI-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchI] igmp-snooping
[SwitchI-igmp-snooping] quit
# Configure Loopback 0.
[SwitchI] interface loopback 0
[SwitchI-LoopBack0] ip address 7.7.7.7 32
[SwitchI-LoopBack0] rip 1 enable
[SwitchI-LoopBack0] ospf 1 area 0.0.0.0
[SwitchI-LoopBack0] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchI] interface vlan-interface 7
[SwitchI-Vlan-interface7] rip 1 enable
[SwitchI-Vlan-interface7] dci enable
# Configure RD and route target settings for VPN instance a.
[SwitchI] ip vpn-instance a
[SwitchI-vpn-instance-a] route-distinguisher 7:7
[SwitchI-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchI-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchI-vpn-instance-a] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchI] interface vsi-interface 2
[SwitchI-Vsi-interface2] ip binding vpn-instance a
[SwitchI-Vsi-interface2] l3-vni 1000
[SwitchI-Vsi-interface2] pim sm
[SwitchI-Vsi-interface2] quit
# Configure Loopback 1.
[SwitchI] interface loopback 1
[SwitchI-LoopBack1] ip binding vpn-instance a
[SwitchI-LoopBack1] ip address 7.7.7.7 32
[SwitchI-LoopBack1] pim sm
[SwitchI-LoopBack1] quit
# Configure Loopback 2.
[SwitchI] interface loopback 2
[SwitchI-LoopBack2] ip address 2.2.1.1 32
[SwitchI-LoopBack2] rip 1 enable
[SwitchI-LoopBack2] ospf 1 area 0.0.0.0
[SwitchI-LoopBack2] quit

207
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchI] pim vpn-instance a
[SwitchI-pim-a] c-bsr 7.7.7.7
[SwitchI-pim-a] c-rp 7.7.7.7
[SwitchI-pim-a] quit
# Enable IP multicast routing for VPN instance a.
[SwitchI] multicast routing vpn-instance a
[SwitchI-mrib-a] quit

# Specify virtual ED address 2.2.1.1.

[SwitchI] evpn edge group 2.2.1.1
# Specify peer EDs for the local ED.
[SwitchI] multicast-vpn vxlan edge remote 6.6.6.6
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group, MVXLAN source interface, and data group range settings,
and enable multicast DCI. Configure the data group range to be the same as that on Switch A
to ensure correct forwarding.
[SwitchI] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchI-mvxlan-a] address-family ipv4
[SwitchI-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchI-mvxlan-a-ipv4] source loopback 0
[SwitchI-mvxlan-a-ipv4] data-group 239.0.0.0 30
[SwitchI-mvxlan-a-ipv4] dci enable
[SwitchI-mvxlan-a-ipv4] quit
[SwitchI-mvxlan-a] quit
# Configure a routing policy. Configure Switch I to not forward the SMET and S-PMSI routes
received from Switch D, Switch E, and Switch F to Switch K. Configure Switch I to not forward
the SMET and S-PMSI routes received from Switch K to Switch D, Switch E, and Switch F.
[SwitchI] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchI] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchI] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchI] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchI] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchI] route-policy dc1 deny node 0
[SwitchI-route-policy-dc1-0] if-match ip route-source prefix-list 3
[SwitchI-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchI-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchI-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchI-route-policy-dc1-1] route-policy dc3 deny node 0
[SwitchI-route-policy-dc3-0] if-match ip route-source prefix-list 1
[SwitchI-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchI-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchI-route-policy-dc3-1] if-match ip route-source prefix-list 0
[SwitchI-route-policy-dc3-1] quit
# Configure a routing policy to change the next hop of the S-PMSI routes sent from Switch I to
Switch J to 7.7.7.7.
[SwitchI] route-policy rt_spmsi permit node 0
[SwitchI-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchI-route-policy-rt_spmsi-0] apply ip-address next-hop 7.7.7.7

208
 [SwitchI-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchI-route-policy-rt_spmsi-1] quit
# Enable BGP to advertise BGP EVPN routes.
[SwitchI] bgp 200
[SwitchI-bgp-default] group ED1 external
[SwitchI-bgp-default] peer ED1 as-number 100
[SwitchI-bgp-default] peer ED1 connect-interface loopback 0
[SwitchI-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchI-bgp-default] peer 3.3.3.3 group ED1
[SwitchI-bgp-default] peer 4.4.4.4 group ED1
[SwitchI-bgp-default] peer 5.5.5.5 group ED1
[SwitchI-bgp-default] peer 6.6.6.6 as-number 200
[SwitchI-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchI-bgp-default] peer 8.8.8.8 as-number 200
[SwitchI-bgp-default] peer 8.8.8.8 connect-interface loopback 0
[SwitchI-bgp-default] peer 9.9.9.9 as-number 300
[SwitchI-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchI-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchI-bgp-default] address-family l2vpn evpn
[SwitchI-bgp-default-evpn] peer ED1 enable
[SwitchI-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchI-bgp-default-evpn] peer ED1 router-mac-local
[SwitchI-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchI-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchI-bgp-default-evpn] peer 8.8.8.8 enable
[SwitchI-bgp-default-evpn] peer 8.8.8.8 route-policy rt_spmsi export
[SwitchI-bgp-default-evpn] peer 8.8.8.8 next-hop-local
[SwitchI-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchI-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchI-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchI-bgp-default-evpn] quit
[SwitchI-bgp-default] quit
12. Configure Switch J:
# Enable L2VPN and IP multicast routing, start an OSPF process, and create VLAN 33.
<SwitchJ> system-view
[SwitchJ] l2vpn enable
[SwitchJ] multicast routing
[SwitchJ-mrib] quit
[SwitchJ] pim
[SwitchJ-pim] quit
[SwitchJ] ospf 1
[SwitchJ-ospf-1] area 0.0.0.0
[SwitchJ-ospf-1- area-0.0.0.0] quit
[SwitchJ] vlan 33
[SwitchJ-vlan33] quit
# Enable the IGMP snooping feature.
[SwitchJ] igmp-snooping
[SwitchJ-igmp-snooping] quit

209
# Configure Loopback 0.
[SwitchJ] interface loopback 0
[SwitchJ-LoopBack0] ip address 8.8.8.8 32
[SwitchJ-LoopBack0] pim sm
[SwitchJ-LoopBack0] ospf 1 area 0.0.0.0
[SwitchJ-LoopBack0] quit
# Enable default IPv4 VXLAN decapsulation.
[SwitchJ] vxlan default-decapsulation source interface loopback 0
# Create an EVPN instance on VSI 1.
[SwitchJ] vsi 1
[SwitchJ-vsi-1] evpn encapsulation vxlan
[SwitchJ-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchJ-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchJ-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchJ-vsi-1-evpn-vxlan] quit
# Enable IGMP snooping on VSI 1.
[SwitchJ-vsi-1] igmp-snooping enable
# Create VXLAN 10.
[SwitchJ-vsi-1] vxlan 10
[SwitchJ-vsi-1-vxlan-10] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchJ] bgp 200
[SwitchJ-bgp-default] group ed internal
[SwitchJ-bgp-default] peer ed connect-interface loopback 0
[SwitchJ-bgp-default] peer 6.6.6.6 group ed
[SwitchJ-bgp-default] peer 7.7.7.7 group ed
[SwitchJ-bgp-default] address-family l2vpn evpn
[SwitchJ-bgp-default-evpn] peer ed enable
[SwitchJ-bgp-default-evpn] peer ed next-hop-local
[SwitchJ-bgp-default-evpn] peer ed additional-paths receive
[SwitchJ-bgp-default-evpn] quit
[SwitchJ-bgp-default] quit
# On server-facing interface Twenty-FiveGigE 1/0/1, create Ethernet service instance 33 to
match VLAN 33.
[SwitchJ] interface twenty-fivegige 1/0/1
[SwitchJ-Twenty-FiveGigE1/0/1] port link-mode bridge
[SwitchJ-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchJ-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 33
[SwitchJ-Twenty-FiveGigE1/0/1] service-instance 33
[SwitchJ-Twenty-FiveGigE1/0/1-srv33] encapsulation s-vid 33
# Map Ethernet service instance 33 to VSI 1.
[SwitchJ-Twenty-FiveGigE1/0/1-srv33] xconnect vsi 1
[SwitchJ-Twenty-FiveGigE1/0/1-srv33] quit
[SwitchJ-Twenty-FiveGigE1/0/1] quit
# Configure RD and route target settings for VPN instance a.
[SwitchJ] ip vpn-instance a
[SwitchJ-vpn-instance-a] route-distinguisher 8:8
[SwitchJ-vpn-instance-a] vpn-target 1:1 import-extcommunity

210
 [SwitchJ-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchJ-vpn-instance-a] quit
# Configure VSI-interface 1.
[SwitchJ] interface vsi-interface 1
[SwitchJ-Vsi-interface1] ip binding vpn-instance a
[SwitchJ-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchJ-Vsi-interface1] pim sm
[SwitchJ-Vsi-interface1] igmp enable
[SwitchJ-Vsi-interface1] mac-address 0001-0001-0001
[SwitchJ-Vsi-interface1] distributed-gateway local
[SwitchJ-Vsi-interface1] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchJ] interface vsi-interface 2
[SwitchJ-Vsi-interface2] ip binding vpn-instance a
[SwitchJ-Vsi-interface2] l3-vni 1000
[SwitchJ-Vsi-interface2] pim sm
[SwitchJ-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance a.
[SwitchJ] multicast routing vpn-instance a
[SwitchJ-mrib-a] quit
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the MVXLAN source interface.
[SwitchJ] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchJ-mvxlan-a] address-family ipv4
[SwitchJ-mvxlan-a-ipv4] source loopback 0
[SwitchJ-mvxlan-a-ipv4] quit
[SwitchJ-mvxlan-a] quit
# Configure Loopback 1.
[SwitchJ] interface loopback 1
[SwitchJ-LoopBack1] ip binding vpn-instance a
[SwitchJ-LoopBack1] ip address 8.8.8.8 32
[SwitchJ-LoopBack1] pim sm
[SwitchJ-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchJ] pim vpn-instance a
[SwitchJ-pim-a] c-bsr 8.8.8.8
[SwitchJ-pim-a] c-rp 8.8.8.8
[SwitchJ-pim-a] quit
# Specify VSI-interface 1 as the gateway interface for VSI 1.
[SwitchJ] vsi 1
[SwitchJ-vsi-1] gateway vsi-interface 1
[SwitchJ-vsi-1] quit
13. Configure Switch K:
# Enable L2VPN and IP multicast routing, and start an OSPF process and a RIP process.
<SwitchK> system-view
[SwitchK] l2vpn enable

211
[SwitchK] multicast routing
[SwitchK-mrib] quit
[SwitchK] pim
[SwitchK-pim] quit
[SwitchK] ospf 1
[SwitchK-ospf-1] area 0.0.0.0
[SwitchK-ospf-1-area-0.0.0.0] quit
[SwitchK] rip 1
[SwitchK-rip-1] network 9.0.0.0
[SwitchK-rip-1] network 119.0.0.0
[SwitchK-rip-1] quit
# Enable the IGMP snooping feature.
[SwitchK] igmp-snooping
[SwitchK-igmp-snooping] quit

# Configure Loopback 0.
[SwitchK] interface loopback 0
[SwitchK-LoopBack0] ip address 9.9.9.9 32
[SwitchK-LoopBack0] rip 1 enable
[SwitchK-LoopBack0] ospf 1 area 0.0.0.0
[SwitchK-LoopBack0] quit
# Configure RIP and enable DCI on the interface connected to a remote ED.
[SwitchK] interface vlan-interface 9
[SwitchK-Vlan-interface9] rip 1 enable
[SwitchK-Vlan-interface9] dci enable
[SwitchK-Vlan-interface9] quit
# Configure RD and route target settings for VPN instance a.
[SwitchK] ip vpn-instance a
[SwitchK-vpn-instance-a] route-distinguisher 9:9
[SwitchK-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchK-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchK-vpn-instance-a] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchK] interface vsi-interface 2
[SwitchK-Vsi-interface2] ip binding vpn-instance a
[SwitchK-Vsi-interface2] l3-vni 1000
[SwitchK-Vsi-interface2] pim sm
[SwitchK-Vsi-interface2] quit

# Configure Loopback 1.
[SwitchK] interface loopback 1
[SwitchK-LoopBack1] ip binding vpn-instance a
[SwitchK-LoopBack1] ip address 9.9.9.9 32
[SwitchK-LoopBack1] pim sm
[SwitchK-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchK] pim vpn-instance a
[SwitchK-pim-a] c-bsr 9.9.9.9

212
[SwitchK-pim-a] c-rp 9.9.9.9
[SwitchK-pim-a] quit
# Enable IP multicast routing for VPN instance a.
[SwitchK] multicast routing vpn-instance a
[SwitchK-mrib-a] quit
# Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the default group, MVXLAN source interface, and data group range settings,
and enable multicast DCI. Configure the data group range to be the same as that on Switch A
to ensure correct forwarding.
[SwitchK] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchK-mvxlan-a] address-family ipv4
[SwitchK-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchK-mvxlan-a-ipv4] source loopback 0
[SwitchK-mvxlan-a-ipv4] data-group 239.0.0.0 30
[SwitchK-mvxlan-a-ipv4] dci enable
[SwitchK-mvxlan-a-ipv4] quit
[SwitchK-mvxlan-a] quit
# Configure a routing policy. Configure Switch K to not forward the SMET and S-PMSI routes
received from Switch H and Switch I to Switch D, Switch E, and Switch F. Configure Switch K
to not forward the SMET and S-PMSI routes received from Switch D, Switch E, and Switch F to
Switch H and Switch I.
[SwitchK] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchK] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchK] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchK] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchK] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchK] ip prefix-list 2 index 10 permit 7.7.7.7 32
[SwitchK] route-policy dc1 deny node 0
[SwitchK-route-policy-dc1-0] if-match ip route-source prefix-list 2
[SwitchK-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchK-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchK-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchK-route-policy-dc1-1] route-policy dc2 deny node 0
[SwitchK-route-policy-dc2-0] if-match ip route-source prefix-list 1
[SwitchK-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchK-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchK-route-policy-dc2-1] if-match ip route-source prefix-list 0
[SwitchK-route-policy-dc2-1] quit
# Enable BGP to advertise BGP EVPN routes.
[SwitchK] bgp 300
[SwitchK-bgp-default] group ED1 external
[SwitchK-bgp-default] peer ED1 as-number 100
[SwitchK-bgp-default] peer ED1 connect-interface loopback 0
[SwitchK-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchK-bgp-default] group ED2 external
[SwitchK-bgp-default] peer ED2 as-number 100
[SwitchK-bgp-default] peer ED2 connect-interface loopback 0
[SwitchK-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchK-bgp-default] peer 3.3.3.3 group ED1

213
 [SwitchK-bgp-default] peer 4.4.4.4 group ED1
[SwitchK-bgp-default] peer 5.5.5.5 group ED1
[SwitchK-bgp-default] peer 6.6.6.6 group ED2
[SwitchK-bgp-default] peer 7.7.7.7 group ED2
[SwitchK-bgp-default] peer 10.10.10.10 as-number 300
[SwitchK-bgp-default] peer 10.10.10.10 connect-interface loopback 0
[SwitchK-bgp-default] address-family l2vpn evpn
[SwitchK-bgp-default-evpn] peer ED1 enable
[SwitchK-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchK-bgp-default-evpn] peer ED1 router-mac-local
[SwitchK-bgp-default-evpn] peer ED2 enable
[SwitchK-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchK-bgp-default-evpn] peer ED2 router-mac-local
[SwitchK-bgp-default-evpn] peer 10.10.10.10 enable
[SwitchK-bgp-default-evpn] peer 10.10.10.10 next-hop-local
14. Configure Switch L:
# Enable L2VPN and IP multicast routing, start an OSPF process, and create VLAN 44.
<SwitchL> system-view
[SwitchL] l2vpn enable
[SwitchL] multicast routing
[SwitchL-mrib] quit
[SwitchL] pim
[SwitchL-pim] quit
[SwitchL] ospf 1
[SwitchL-ospf-1] area 0.0.0.0
[SwitchL-ospf-1-area-0.0.0.0] quit
[SwitchL] vlan 44
[SwitchL-vlan44] quit
# Enable the IGMP snooping feature.
[SwitchL] igmp-snooping
[SwitchL-igmp-snooping] quit
# Configure Loopback 0.
[SwitchL] interface loopback 0
[SwitchL-LoopBack0] ip address 10.10.10.10 32
[SwitchL-LoopBack0] pim sm
[SwitchL-LoopBack0] ospf 1 area 0.0.0.0
[SwitchL-LoopBack0] quit
# Create an EVPN instance on VSI 1.
[SwitchL] vsi 1
[SwitchL-vsi-1] evpn encapsulation vxlan
[SwitchL-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchL-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchL-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchL-vsi-1-evpn-vxlan] quit
# Enable IGMP snooping on VSI 1.
[SwitchL-vsi-1] igmp-snooping enable
# Create VXLAN 10.
[SwitchL-vsi-1] vxlan 10

214
[SwitchL-vsi-1-vxlan-10] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchL] bgp 300
[SwitchL-bgp-default] peer 9.9.9.9 as-number 300
[SwitchL-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchL-bgp-default] address-family l2vpn evpn
[SwitchL-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchL-bgp-default-evpn] peer 9.9.9.9 next-hop-local
[SwitchL-bgp-default-evpn] quit
[SwitchL-bgp-default] quit
# On server-facing interface Twenty-FiveGigE 1/0/2, create Ethernet service instance 44 to
match VLAN 44.
[SwitchL] interface twenty-fivegige 1/0/2
[SwitchL-Twenty-FiveGigE1/0/2] port link-mode bridge
[SwitchL-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchL-Twenty-FiveGigE1/0/2] port trunk permit vlan 1 44
[SwitchL-Twenty-FiveGigE1/0/2] service-instance 44
[SwitchL-Twenty-FiveGigE1/0/2-srv44] encapsulation s-vid 44
# Map Ethernet service instance 44 to VSI 1.
[SwitchL-Twenty-FiveGigE1/0/2-srv44] xconnect vsi 1
[SwitchL-Twenty-FiveGigE1/0/2-srv44] quit
[SwitchL-Twenty-FiveGigE1/0/2] quit
# Configure RD and route target settings for VPN instance a.
[SwitchL] ip vpn-instance a
[SwitchL-vpn-instance-a] route-distinguisher 10:10
[SwitchL-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchL-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchL-vpn-instance-a] quit
# Configure VSI-interface 1.
[SwitchL] interface vsi-interface 1
[SwitchL-Vsi-interface1] ip binding vpn-instance a
[SwitchL-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchL-Vsi-interface1] pim sm
[SwitchL-Vsi-interface1] igmp enable
[SwitchL-Vsi-interface1] mac-address 0001-0001-0001
[SwitchL-Vsi-interface1] distributed-gateway local
[SwitchL-Vsi-interface1] quit
# Create VSI-interface 2, associate the VSI interface with VPN instance a, and configure the
L3 VXLAN ID as 1000 for the VPN instance.
[SwitchL] interface vsi-interface 2
[SwitchL-Vsi-interface2] ip binding vpn-instance a
[SwitchL-Vsi-interface2] l3-vni 1000
[SwitchL-Vsi-interface2] pim sm
[SwitchL-Vsi-interface2] quit
# Enable IP multicast routing for VPN instance a.
[SwitchL] multicast routing vpn-instance a
[SwitchL-mrib-vpn1] quit

215
 # Create an MDT-based MVXLAN for VPN instance a and enter MVXLAN IPv4 address family
view. Configure the MVXLAN source interface.
[SwitchL] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchL-mvxlan-a] address-family ipv4
[SwitchL-mvxlan-a-ipv4] source loopback 0
[SwitchL-mvxlan-a-ipv4] quit
[SwitchL-mvxlan-a] quit
# Configure Loopback 1.
[SwitchL] interface loopback 1
[SwitchL-LoopBack1] ip binding vpn-instance a
[SwitchL-LoopBack1] ip address 10.10.10.10 32
[SwitchL-LoopBack1] pim sm
[SwitchL-LoopBack1] quit
# Enter VPN instance PIM view, and configure Loopback 1 as a candidate-BSR and
candidate-RP in VPN instance a.
[SwitchL] pim vpn-instance a
[SwitchL-pim-a] c-bsr 10.10.10.10
[SwitchL-pim-a] c-rp 10.10.10.10
[SwitchL-pim-a] quit
# Specify VSI-interface 1 as the gateway interface for VSI 1.
[SwitchL] vsi 1
[SwitchL-vsi-1] gateway vsi-interface 1
[SwitchL-vsi-1] quit

Verifying the configuration

1. Verify the multicast routing information on the VTEPs:
# Verify that Switch A has multicast routing entries for VPN instance a and the public network.
<SwitchA> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:00:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 00:00:31, Expires: -

(10.0.0.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 00:00:32
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL

216
 Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:00:26, Expires: -
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 6 (S, G) entries

(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:03:31
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:01:53, Expires: 00:02:38

(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -

(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:53
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:53, Expires: -

(4.4.4.4, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10

217
 Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -

(5.5.5.5, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -

(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:00:51
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:00:51, Expires: 00:02:40
# Verify that Switch J has multicast routing entries for VPN instance a and the public network.
Use the same method to display multicast routing entries on Switch B and Switch L.
<SwitchJ> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:12:32
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: igmp, UpTime: 00:12:32, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:12:31, Expires: -

218
(10.0.0.2, 225.0.0.1)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:12:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:12:21, Expires: -
<SwitchJ> display pim routing-table
Total 0 (*, G) entries; 5 (S, G) entries

(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:27
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:27, Expires: -

(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:29
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:29, Expires: -

(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:20:26
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface200

219
 Protocol: pim-sm, UpTime: 00:19:29, Expires: 00:02:31
2: Vlan-interface300
Protocol: pim-sm, UpTime: 00:19:27, Expires: 00:02:56

(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:18:04
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -

(7.7.7.7, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:18:04
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -
2. Verify the multicast routing information on the EDs:
# Verify that Switch D has multicast routing entries for VPN instance a and the public network.
Use the same method to display multicast routing entries on Switch E and Switch F.
<SwitchD> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:20:48
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:48, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:20:48, Expires: -

(10.0.0.2, 225.0.0.1)

220
 RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:20:47
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:47, Expires: -
<SwitchD> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries

(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:32
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:32, Expires: -

(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:27
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:27, Expires: -

(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:25:33
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface30
Protocol: pim-sm, UpTime: 00:23:32, Expires: 00:02:58

221
 (1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:22:31
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:22:31, Expires: -
# Verify the Layer 2 multicast routing entries on Switch D. Use the same method to display
Layer 2 multicast routing entries on Switch F.
<SwichD> display igmp-snooping evpn-group
Total 0 entries.
# Verify that Switch E has forwarded multicast traffic and generated Layer 2 multicast routing
entries.
<SwichE> display igmp-snooping evpn-group
Total 2 entries.

VSI Auto_L3VNI1000_2: Total 2 entries.

(0.0.0.0, 225.0.0.1)
Host ports (2 in total):
Tun0 (VXLAN ID 1000)
Tun1 (VXLAN ID 1000)
(10.0.0.2, 225.0.0.1)
Host ports (2 in total):
Tun0 (VXLAN ID 1000)
Tun1 (VXLAN ID 1000)
# Verify that Switch H has multicast routing entries for VPN instance a and the public network.
The output shows that multicast traffic is forwarded from Switch H to DC 2.
<SwitchH> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries

(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:35:01
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface300
Protocol: pim-sm, UpTime: 00:33:54, Expires: 00:02:52

(8.8.8.8, 236.0.0.0)
RP: NULL

222
 Protocol: pim-sm, Flag: SPT
UpTime: 00:33:54
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.86
RPF prime neighbor: 68.68.68.86
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:33:54, Expires: -

(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:32:39
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface300
Protocol: pim-sm, UpTime: 00:32:39, Expires: 00:03:13

<SwitchH> display pim vpn-instance a routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 6.6.6.6 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:32:44
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:32:44, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:32:43, Expires: -

(10.0.0.2, 225.0.0.1)
RP: 6.6.6.6 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT SQ RC SRC-ACT 2MVPN FROMDCI
UpTime: 00:32:44
Upstream interface: Vsi-interface2
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1

223
 1: MTunnel1
Protocol: MD, UpTime: 00:32:35, Expires: -
# Verify that Switch I has multicast routing entries for VPN instance a and the public network.
<SwitchI> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries

(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:35:43
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:34:09, Expires: 00:03:21

(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:34:09
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.87
RPF prime neighbor: 78.78.78.87
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:34:09, Expires: -

(7.7.7.7, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:32:51
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:32:51, Expires: 00:02:48

<SwitchI> display pim vpn-instance a routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: WC RC

224
 UpTime: 00:32:57
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:32:57, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:32:56, Expires: -

(10.0.0.2, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: SPT 2MSDP NIIF SQ RC SRC-ACT
UpTime: 00:32:57
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:32:57, Expires: -
2: MTunnel1
Protocol: MD, UpTime: 00:32:48, Expires: -

225