How it Works
HP
Loading...
FlexNetwork VSR1000
Evi Configuration Manual
44 pgs975.78 Kb0
Table of contents
Loading...

HP FlexNetwork VSR1000 Evi Configuration Manual

HPE FlexNetwork VSR1000 Virtual Services Router
EVI Configuration Guide
Part number: 5998-8309R Software version: VSR1000_HPE-CMW710-E0321P01-X64 Document version: 5W101-20151202
Enterprise products and services are set forth in the express warranty statements acco mpanying such products and services. Nothing herein should be construe d as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions co ntained herein.
Confidential computer software. V alid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and T e chnical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the United States and other countries.
Microsoft® and Windows® are trademarks of the Microsoft group of companies. Adobe® and Acrobat® are trademarks of Adobe Systems In corporated. Java and Oracle are registered trademarks of Oracle and/or its affiliates. UNIX® is a registered trademark of The Open Group.

Contents

Configuring EVI ······························································································· 1
Overview ···························································································································································· 1
Layer 2 connectivity extension issues ········································································································ 1 Network topologies ····································································································································· 2 Terminology ··············································································································································· 3 Working mechanism ··································································································································· 4 Placement of Layer 3 gateways ················································································································· 7 ARP flood suppression ······························································································································· 7 Selective flood ············································································································································ 8 Multihoming ················································································································································ 8
Path MTU ················································································································································· 11 Licensing requirements ···································································································································· 11 EVI configuration task list ································································································································· 11 Configuring EVI basic features ························································································································ 11
Configuring a site ID ································································································································· 12
Configuring an EVI tunnel ························································································································ 12
Assigning a network ID to the EVI tunnel ································································································· 13
Specifying extended VLANs on the EVI tunnel ························································································ 14
Configuring ENDP ···································································································································· 14 Tuning EVI IS-IS parameters ··························································································································· 15
EVI IS-IS configuration task list ················································································································ 16
Creating an EVI IS-IS process ················································································································· 16
Changing the designated site VLAN ········································································································ 17
Optimizing an EVI IS-IS network ·············································································································· 17
Specifying a routing policy for an EVI IS-IS process ················································································ 21
Enabling adjacency change logging········································································································· 22
Configuring SNMP notifications and context for EVI IS-IS ······································································· 22
Configuring Graceful Restart for an EVI IS-IS process ············································································ 23
Increasing the maximum number of MAC entries in an LSP for an EVI IS-IS process ···························· 23 Configuring VLAN mappings ···························································································································· 24 Enabling EVI ARP flood suppression ··············································································································· 24 Enabling EVI flooding for all destination-unknown frames ··············································································· 25 Enabling selective flood for a MAC address ···································································································· 25 Displaying and maintaining EVI ······················································································································· 26 EVI configuration examples ····························································································································· 27
Single-homed EVI network configuration example ·················································································· 27
Multiple-EVI-networks configuration example ·························································································· 35
Document conventions and icons ································································· 39
Conventions ····················································································································································· 39 Network topology icons ···································································································································· 40
Support and other resources ········································································ 41
Accessing Hewlett Packard Enterprise Support ······························································································ 41 Accessing updates ··········································································································································· 41
Websites ·················································································································································· 42
Customer self repair ································································································································· 42
Remote support ········································································································································ 42
Documentation feedback ························································································································· 42
Index ············································································································· 44
i

Configuring EVI

Overview

Ethernet Virtual Interconnect (EVI) is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency (see Figure 1).
EVI enable and business continuity. For example, virtual machines can move between data center sites without changing their IP addresses, so their movements are transpare nt to use rs and do not disrupt traffic.
Figure 1 Virtual machine migration
s long-distance virtual machine workload mobility and data mobility, disaster recovery,

Layer 2 connectivity extension issues

EVI resolves the following Layer 2 connectivity extension issues:
Site independence—EVI keeps protocol failures, such as broadcast sto rms, from propagating across sites.
Transport independence—EVI has no special requirements for site location or transport network type, except that the transport network can forward IP packets.
High availability—EVI supports redundant edge devices and has a loop-free mechanism to prevent loops for a multihomed network site.
Link efficiency—EVI optimizes the inter-site multicast and broadcast transmission mecha nism and implements load-sharing on redundant links.
Site and transport transparency—EVI is both site and transport network transparent. It has no special site or transport network topology requirements.
1
Easy management and maintenance—EVI requires deployment only on edge devices and does not introduce any topology change or configuration within sites or the transport network.

Network topologies

As shown in Figure 2, an EVI network has one or multiple edge devices at each site. These sites are connected through virtual links and run the EVI IS-IS protocol to advertise their MAC address entries to each other. EVI maintains MAC routing information on the edge devices without changing the forwarding or routing information within the sites or the transport network.
Figure 2 EVI network
Site network
VLAN 10
Site 1
Edge device
EVI link
Transport network
EVI
Site network
Edge
VLAN 10
Site 2
device
EVI link
EVI link
Site network
Edge device
Site 3
VLAN 10
EVI supports multiple EVI networks on an edge device for extending different VLANs across the Layer 3 network. One EVI network can convey multiple VLANs, but one VLAN can map to only one EVI network. Each EVI network has separate network parameters and independently forwards traffic.
As shown in Figure 3, EVI
network 1 extends VLAN 100 and VLAN 101 to Site 2, Site 3, and Site 4 for Web access traffic. EVI network 2 extends VLAN 4000 (the management VLAN) to all sites, and EVI network 3 extends VLANs 50 to 80 between Site 1 and Site 4 for database traffic.
2
Figure 3 Multiple EVI networks
Site 1
VLAN 4000
EVI 3
VLANs 50-80
Site 2
EVI 2
EVI 1
VLANs 100-101
Site 3

Terminology

Edge device
An edge device performs typical Layer 2 learning and forwarding on the site-facing interfaces (internal interfaces) and performs tunneling and routing on the transport-facing interfaces.
EVI network ID
An edge device can belong to multiple EVI networks. Each EVI network is uniquely identified by a network ID.
EVI link
An EVI link is a bidirectional virtual Ethernet channel between a pair of edge devices in an EVI network. EVI links are conveyed on EVI tunnels. Each EVI link is uniquely identified by a pair of source and destination EVI tunnel IP addresses.
EVI tunnel
An EVI tunnel is a point-to-many automatic GRE tunnel that conveys EVI links for an EVI network. One EVI tunnel can provide services only for one EVI network.
EVI neighbor
Site 5
Site 4
ENDP
ENDS
All edge devices in an EVI network are EVI neighbors to one other.
EVI Neighbor Discovery Protocol uses the client/server model to dynamically discover sites and edge devices, establish and maintain EVI links, and exchange network membership information in an EVI network.
An EVI neighbor discovery server maintains all neighbor information in an EVI network. An EVI network can have up to two ENDSs.
3
ENDC
An EVI neighbor discovery client works with an ENDS to learn neighbor information and triggers EVI link setup between neighbors.
EVI IS-IS
EVI IS-IS establishes adjacencies and advertises MAC reachability information among edge devices at different sites in an EVI network. It also m aps VLA Ns to re dun dant edg e d evices at a multi homed site to avoid loops and balance traffic.
EVI IS-IS runs independently of the Layer 3 routing protocols on the transport network and sites.
DED
Designated edge devices (DEDs) include inter-site DEDs and site DED. An inter-site DED is elected from between the edge devices on each EVI link to send CS NP pa ckets
for LSDB synchronization. A site DED is elected from among the redundant edge devices at a multihomed site to distribute
extended VLANs among them so the traffic of a VLAN always enters or leave s the site from the same edge device.
Appointed edge forwarder
If an edge device is assigned by DED to forward and receive traffic for an extend ed VLAN, this edge device is the appointed edge forwarder for the extended VLAN. This extended VLAN is an active VLAN on the edge device.
Internal interface
Internal interfaces are site-facing Layer 2 interfaces that connect an edge device to switches or routers in the site.

Working mechanism

An edge device uses the following process to set up an EVI network and forward traf fic at Layer 2 to remote sites:
1. Runs ENDP to discover EVI neighbors and set up EVI links between neighbors.
2. Runs EVI IS-IS to advertise MAC reachability information over EVI links in the EVI network.
3. Forwards traffic based on MAC reachability information that has been received from other sites.
This section describes this process in detail.
Neighbor discovery
An EVI network runs ENDP to discover all its edge devices and establishes adjacencies among the edge devices in the following process:
1. ENDS is enabled on one edge device, and ENDC is enabled on all other edge devices.
2. The ENDCs register their IP addresses and other data with the ENDS.
3. The ENDS updates its ENDC database with received data and sends the updated database to
each ENDC.
4. After receiving the register reply, the ENDCs establish an EVI link with each other. For high availability, you can configure up to two ENDSs for an EVI network.
MAC address learning
MAC reachability information on an EVI edge device comes from the following sources:
MAC entries configured or learned in the data plane—The edge devices use the typical
source-MAC-based learning mechanism to learn unicast MAC addresses in their local sites (called local MAC addresses).
4
MAC entries learned through EVI IS-IS—After completing neighbor discovery, the edge
NOTE:
The mac-address max-mac-count command and the mac-address mac-learning enable command take effect only on local MAC addresses, which are learned in the data plane. They do not take effect on remote MAC addresses, which are learned in the control plane.
Unicast flow
For intra-site unicast flows, an edge device performs the typical MAC address table lookup, as shown in Figure 4.
devices run EVI IS-IS in the control plane to establish adjacencies and advertise MAC reachability information that has been learned or configured in the data plane to each other over EVI links.
Figure 4
VLAN MAC Interface
Layer 2 forwarding in a site
MAC Table
200 MAC1 GE1/0/1 200 MAC2 GE1/0/2
GE1/0/1
Host A Host B
MAC1 MAC2
Site 1 Site 2
EVI
Transport network
EVI
EVI
GE1/0/2
The following forwarding process (see Figure 5) takes place for unicast flows betwee n sites:
1. The source edge device learns the source MAC address of the incoming Ethernet frame, and
looks up the destination MAC address in its MAC table for the outgoing interface .
2. If the outgoing interface is an EVI-Link interface instead of a physical port, the source edge
device encapsulates the frame in a GRE header, and then adds an IP header and a link layer protocol header.
In the outer IP header, the source IP address is the source edge device's tunnel source IP address, and the destination IP address is the destination edge device's tunnel source IP address.
3. The source edge device forwards the encapsulated packet out of the EVI link to the destination
edge device across the IP transport network.
4. The destination edge device removes the headers of the original Ethernet fra me, looks up the
destination MAC address in the MAC address table, and sends the frame out of the matching outgoing interface.
5
Figure 5 Layer 2 forwarding between sites
Transport network
VLAN MAC Interface
200 MAC1 GE1/0/1 200 MAC2 GE1/0/2 200 MAC3 EVI-Link0
Multicast flow
Edge devices run IPv4 IGMP snooping on each extended VLAN and learn multicast router port and multicast member port information on EVI-Link interfaces for Layer 2 multicast forwarding as if they were Ethernet interfaces. In an extended VLAN, each edge device tunnels IGMP, MLD, and PIM protocol packets to all its remote edge devices, and the remote edge devices flood the packets in the VLAN.
MAC Table
Host A MAC1
EVI
c
EVI
a
Site 1 Site 2
b
Device A Device B
Host B
MAC2
EVI
d
GE1/0/1
MAC Table
VLAN MAC Interface
200 MAC1 200 MAC2 200 MAC3
e
Host C
MAC3
EVI-Link0 EVI-Link0
GE1/0/1
For a site-to-site multicast data frame in an extended VLAN, the following process (see Figure 6)
akes place:
t
1. The DR in a site sends out a multicast frame.
2. The source edge device copies the frame and encapsulates one copy on each multicast
member EVI-Link interface.
3. The source edge device unicasts the encapsulated frames to the de stination edge devices over
the EVI links.
4. Each destination edge device removes the headers of the multicast frame and copies the
multicast frame on each multicast member interface.
5. Each destination edge device sends the multicast frame out of all member interfaces to the
destination hosts.
6
Figure 6 Multicast data frame forwarding process
(1) Multicast stream
DR
Site 1
Flooding flow
An edge device handles flooding by frame type, as follows:
Broadcast frame—Floods the frame to all interfaces in the VLAN where the frame has been
received, including internal interfaces and EVI-Link interfaces. For ARP packets, you can use the ARP flood suppression feature (see "ARP flood suppression"
Destination-unknown unicast or multicast frame—Floods the frame to all internal interfaces
in the VLAN where the frame has been received. The edge device typically does not forward destination-unknown frames to other sites. If a site-to-site flooding is desirable for a sp ecial MAC address, use the selective flood feature (see "Selective flood").
(2) Replicate & encapsulate
EVI-Link1
EVI
GE1/0/1
VLAN R-port H-port
100 GE1/0/1 EVI-Link1
Source
EVI-Link2
EVI-Link2
VLAN R-port H-port
100 EVI-Link1 GE1/0/1
(3) Unicast
EVI-Link1
Site 2
(3) Unicast
EVI
EVI
GE1/0/1
(4) Decapsulate
& replicate
(5) Multicast
stream
Receiver
(4) Decapsulate & replicate
EVI-Link1
VLAN R-port H-port
100 EVI-Link1 GE1/0/1
Site 3
(5) Multicast stream
EVI
GE1/0/1
Receiver
) to reduce ARP broadcasts.
o flood a frame to remote sites, an EVI edge device must replicate the frame, encapsulate each
T replica in one unicast frame for each destination site, and send the unicast frames to the remote edge devices.

Placement of Layer 3 gateways

For the hosts in an extended VLAN at a site, their Layer 3 gateway must be on the edge device at the local site rather than a remote site.

ARP flood suppression

ARP flood suppression reduces ARP request broadcasts on the EVI network by enabling edge devices to reply to ARP requests on behalf of remote-site hosts.
As shown in Figure 7, this feature sn ARP flood suppression table with remote MAC addresses. If an ARP request has a matching entry, the local edge device replies to the request on behalf of the remote-site host. If no match is found, the edge device floods the request to the EVI network.
ARP flood suppression uses the following workflow:
1. Host IP1 in site A sends an ARP request to obtain the MAC address of IP2.
2. Site A's edge device floods the ARP requests out of all interfaces, including the EVI tunnel
interfaces.
oops ARP replies on an EVI tunnel interface to populate the
7
3. Site B's edge device de-encapsulates the ARP request and broadcasts the request.
4. IP2 sends an ARP reply back to site A's edge device over the EVI link.
5. Site A's edge device creates an ARP cache entry for the remote MAC address and forwa rds the
reply to the requesting host.
6. Site A's edge device replies to all subsequent requests for the MAC address of IP2. Figure 7 ARP flood suppression

Selective flood

Selective flood enables an edge device to send an unknown unicast or multicast frame out of an EVI tunnel interface.
This feature is designed for special multicast addresses that require flooding across sites but cannot be added to a multicast forwarding table by IGMP snooping.
For example, you must configure selective flood for PIM hellos, IGMP general query packets, and Microsoft NLBS cluster traffic to be sent out of an EVI tunnel interface.

Multihoming

EVI supports deploying two or more EVI edge devices to provide Layer 2 connectivity extension for a site. Deployment of redundant edge devices creates the risk of loops because EVI edge devices do not transmit spanning tree BPDUs across the transport network.
To remove loops in a multihomed network (see Figure 8), you devices into one device, as shown in Figure 9. If redundant edge devices to automatically designate each edge device as the traffic forwarder for a particular set of extended VLANs, as shown in Figure 10.
The redun DED for exchanging extended VLAN information and assigning active VLA Ns among them. All edge
dant edge devices exchange EVI IS-IS hello packets in a designated site VLAN to elect a
can use IRF to virtualize multiple edge
IRF is not used, EVI IS-IS runs among the
8
devices have a user-configurable DED priority. The one with the highest DED priority is elected as the DED. The DED uses the following rules to assign active VLANs:
1. If an extended VLAN is configured only on one edge device, the edge device is the appointed
edge forwarder for the VLAN.
2. If a set of extended VLANs is configured on at least two edge devices, the DED distributes the
extended VLANs equally among the edge devices.
3. When reassigning VLANs, the DED preferably assigns an edge device the active VLANs that
were assigned to it in the previous assignment.
The traffic forwarder designation mechanism of EVI IS-IS makes sure an extended VLAN is active only on one edge device. For example, VLAN 1000 in Figure 10 is active only on site 1'
s Device B and site 2's Device D. Only these two edge devices can receive or forward VLAN 1000 traffic between the two sites.
Figure 8 Looped dual-homed EVI network
9
Figure 9 Edge devices in an IRF fabric
Transport
network
EVI
EVI
Site 1 Site 2
Figure 10 Active VLAN on an edge device
IRFIRF
EVI
10

Path MTU

When encapsulating an Ethernet frame in EVI, the edge device does not modify the Ethernet frame, but it sets the DF bit in the IP header. For an Ethernet transport network, the total size of an EVI protocol packet increases by 46 bytes, and the total size of a data packet increases by 38 bytes. Because EVI does not support path MTU discovery, your EVI deployment must make sure the path MTU of the transport network is higher than the maximum size of EVI tunneled frames.

Licensing requirements

EVI requires a license. For information about feature licensing, see Fundamentals Configuration Guide.

EVI configuration task list

Perform the following tasks on all edge devices of an EVI network:
Tasks at a glance Remarks
Configuring EVI basic features:
(Required.) Configuring a site ID
(Req
uired.) Configuring an EVI tunnel:
{ (Required.) Assigning a network ID to the EVI tunnel { (Required.) Specifying extended VLANs on the EVI tunnel { (Required.) Configuring ENDP
An EVI tunnel can provide services for only one EVI network.
All edge devices in an EVI network must have the same network ID. The edge devices at the same site must have the same site ID, and the edge devices at different sites must have different site IDs.
An extended VLAN can be assigned only to one EVI network.
(Optional.) Tuning EVI IS-IS parameters
(Optional.) Configuring VLAN mappings N/A
(Optional.) Enabling EVI ARP flood suppression
(Optional.) Enabling EVI flooding for all destination-unknown frames
(Optional.) Enabling selective flood for a MAC address

Configuring EVI basic features

All tasks in this section are required for setting up an EVI network.
EVI IS-IS automatically runs on an EVI tunnel interface immediately after the interface is created.
You can tune EVI IS-IS parameters for optimizing network performance.
Perform this task to reduce ARP request broadcasts on an EVI network.
Perform this task to flood frames with unknown MAC addresses to the EVI tunnel interface.
Perform this task for special multicast MAC addresses that require Layer 2 inter-site forwarding but cannot be learned into the MAC address table.
11
Loading...
+ 30 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use