This feature snoops ARP packets to populate the ARP flood suppression table for local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.

Examples

# Enable ARP flood suppression for the VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable

Related commands

· display arp suppression vsi

· reset arp suppression vsi

description

Use description to configure a description for a VSI.

Use undo description to delete the description of a VSI.

Syntax

description text

undo description

Default

A VSI does not have a description.

Views

VSI view

Predefined user roles

network-admin

Parameters

text: Specifies the VSI description, a case-sensitive string of 1 to 80 characters.

Examples

# Configure a description for the VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] description vsi for vpn1

Related commands

display l2vpn vsi

display arp suppression vsi

Use display arp suppression vsi to display ARP flood suppression entries.

Syntax

display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays entries on the master device.

count: Displays the number of ARP flood suppression entries that match the command.

Examples

# Display the ARP flood suppression entries on the master device.

<Sysname> display arp suppression vsi

IP address MAC address Vsi Name Link ID Aging

1.1.1.2 000f-e201-0101 vsi1 0x5000003 14

1.1.1.3 000f-e201-0202 vsi1 0x5000004 18

1.1.1.4 000f-e201-0203 vsi2 0x5000005 10

# Display the number of ARP flood suppression entries on the master device.

<Sysname> display arp suppression vsi count

Total entries: 3

Table 1 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Aging	Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted.

Related commands

· arp suppression enable

· reset arp suppression vsi

display igmp host group

Use display igmp host group to display information about the multicast groups that contain IGMP host-enabled interfaces.

Syntax

display igmp host group [ group-address | interface interface-type interface-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-address: Specifies a multicast group address. The value range is 224.0.1.0 to 239.255.255.255. If you do not specify a multicast group, the command displays information about all multicast groups.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays multicast group information for all interfaces.

verbose: Displays detailed multicast group information. If you do not specify this keyword, the command displays brief multicast group information.

Usage guidelines

For the VXLAN multicast source interface of a multicast-mode VXLAN to join its VXLAN multicast group, you must enable the IGMP host function.

Use this command to verify the following information:

· Multicast group information for VXLANs.

· Group membership status of VXLAN multicast source interfaces.

Examples

# Display brief information about all multicast groups that contain IGMP host-enabled interfaces.

<Sysname> display igmp host group

IGMP host groups in total: 2

Vlan-interface10(1.1.1.20):

IGMP host groups in total: 2

Group address Member state Expires

225.1.1.1 Idle Off

225.1.1.2 Idle Off

# Display detailed information about all multicast groups that contain IGMP host-enabled interfaces.

<Sysname> display igmp host group verbose

Vlan-interface10(1.1.1.20):

IGMP host groups in total: 2

Group: 225.1.1.1

Group mode: Exclude

Member state: Idle

Expires: Off

Source list (sources in total: 0):

Group: 225.1.1.2

Group mode: Exclude

Member state: Idle

Expires: Off

Source list (sources in total: 0):

Table 2 Command output

Field	Description
IGMP host groups in total	Total number of multicast groups that contain IGMP host-enabled interfaces.
Vlan-interface10(1.1.1.20)	Name and IP address of the IGMP host-enabled interface.
IGMP host groups in total	Total number of multicast groups on the interface.
Group address/Group	Address of the multicast group.
Member state	Member state: · Delay—The interface has joined the multicast group, and it has started the delay timer for sending IGMP reports. · Idle—The interface has joined the multicast group, but it has not started the delay timer for sending IGMP reports. The delay timer is not user configurable.
Expires	Remaining delay time for the interface to send an IGMP report. This field displays Off if the delay timer is disabled.
Group mode	Multicast source filtering mode: · Include. · Exclude.
Source list	Multicast sources of the multicast group.
sources in total	Total number of multicast sources.

NOTE:

For more information about the command output, see IGMP in IP Multicast Configuration Guide.

Related commands

igmp host enable

display l2vpn mac-address

Use display l2vpn mac-address to display MAC address entries for VSIs.

Syntax

display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, the command displays MAC address entries for all VSIs.

dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries. The MAC address entries include dynamic remote- and local-MAC entries, remote-MAC entries advertised through VXLAN IS-IS, and manually added static remote-MAC entries. VXLAN does not support static local-MAC entries.

count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.

Examples

# Display MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address

MAC Address State VSI Name Link ID/Name Aging

0000-0000-000a Dynamic vpn1 1 Aging

0000-0000-000b Static vpn1 Tunnel10 NotAging

0000-0000-000c Dynamic vpn1 Tunnel60 Aging

0000-0000-000d Dynamic vpn1 Tunnel99 Aging

--- 4 mac address(es) found ---

# Display the total number of MAC address entries in all VSIs.

<Sysname> display l2vpn mac-address count

4 mac address(es) found

Table 3 Command output

Field	Description
State	Entry state. · dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · static—Static remote-MAC entry. · is-is—Remote-MAC entry advertised through VXLAN IS-IS. · openflow—Remote-MAC entry issued by a remote controller through OpenFlow. The Aging field displays Aging for dynamic entries and displays NotAging for static, is-is, and openflow entries.
Link ID/Name	For a local MAC address, this field displays the AC's link ID on the VSI. For a remote MAC address, this field displays the tunnel name.
Aging	Entry aging state: · Aging. · NotAging.

Related commands

reset l2vpn mac-address

display l2vpn service-instance

Use display l2vpn service-instance to display information about Ethernet service instances.

Syntax

display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, the command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.

service-instance instance-id: Specifies an Ethernet service instance by its ID, in the range of 1 to 4096. If you do not specify an Ethernet service instance, the command displays information about all Ethernet service instances on the specified interface.

verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.

Examples

# Display brief information about all Ethernet service instances.

<Sysname> display l2vpn service-instance

Total number of service-instances: 4, 4 up, 0 down

Total number of ACs: 4, 4 up, 0 down

Interface SrvID Owner LinkID State Type

FGE1/1/3 1 vsi10 1 Up VSI

FGE1/1/3 2 vsi11 1 Up VSI

FGE1/1/3 3 vsi12 1 Up VSI

FGE1/1/3 4 vsi13 1 Up VSI

Table 4 Command output

Field	Description
Total number of ACs	Total number of attachment circuits (ACs) and the number of ACs in each state (up or down).
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
SrvID	Ethernet service instance ID.
Owner	VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI.
LinkID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: · Up. · Down.
Type	L2VPN type of the Ethernet service instance: · VSI. · VPWS.

# Display detailed information about all Ethernet service instances on FortyGigE 1/1/3.

<Sysname> display l2vpn service-instance interface fortygige 1/1/3 verbose

Interface: FGE1/1/3

Service Instance: 1

Encapsulation : s-vid 16

VSI Name : vsi10

Link ID : 1

State : Up

Statistics : Enabled

Input Statistics:

Octets :0

Packets :0

Output Statistics:

Octets :0

Packets :0

Service Instance: 2

Encapsulation : s-vid 1001

only-tagged

VSI Name : vsi11

Link ID : 1

State : Up

Statistics : Enabled

Input Statistics:

Octets :0

Packets :0

Output Statistics:

Octets :0

Packets :0

Service Instance: 3

Encapsulation : s-vid 2000

c-vid 1016

VSI Name : vsi12

Link ID : 1

State : Up

Statistics : Enabled

Input Statistics:

Octets :0

Packets :0

Output Statistics:

Octets :0

Packets :0

Table 5 Command output

Field	Description
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
Service Instance	Ethernet service instance ID.
Encapsulation	Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain any match criteria, the command does not display this field.
Link ID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: · Up. · Down.
Statistics	Packet statistics state: · Enabled—Packet statistics is enabled for the Ethernet service instance. · Disabled—Packet statistics is disabled for the Ethernet service instance.
Input Statistics	Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets.
Output Statistics	Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets.

Related commands

· service-instance

· statistics enable (MPLS Command Reference)

· reset l2vpn statistics ac (MPLS Command Reference)

display l2vpn vsi

Use display l2vpn vsi to display information about VSIs.

Syntax

display l2vpn vsi [ name vsi-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, the command displays information about all VSIs.

verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.

Examples

# Display brief information about all VSIs.

<Sysname> display l2vpn vsi

Total number of VSIs: 1, 1 up, 0 down, 0 admin down

VSI Name VSI Index MTU State

vpna 0 1500 Up

# Display detailed information about all VSIs.

<Sysname> display l2vpn vsi verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

Drop Unknown : -

Flooding : Enabled

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flooding proxy

Tunnel1 0x5000001 Up Manual Disabled

Tunnel2 0x5000002 Up Manual Disabled

MTunnel0 0x6002710 Up Auto Disabled

ACs:

AC Link ID State

FGE1/1/1 srv1000 0 Up

Table 6 Command output

Field	Description
VSI Description	Description of the VSI. If the VSI does not have a description, the command does not display this field.
VSI State	VSI state: · Up—The VSI is up. A VSI is up only when its VXLAN has an up VXLAN tunnel and an up AC. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command.
MTU	MTU on the VSI.
Bandwidth	Maximum bandwidth in kbps on the VSI.
Broadcast Restrain	Broadcast restraint ratio.
Multicast Restrain	Multicast restraint ratio.
Unknown Unicast Restrain	Unknown unicast restraint ratio.
MAC Learning	State of the MAC learning function.
MAC Table Limit	Maximum number of MAC address entries on the VSI.
Drop Unknown	Action on source MAC-unknown frames received after the maximum number of MAC entries is reached.
Hub-Spoke	State of the hub-spoke function.
Flooding	State of the VSI's flooding function: · Enabled—Flooding is enabled on the VSI. The VTEP floods unknown unicast frames to both local and remote sites. · Disabled—Flooding is disabled on the VSI. The VTEP floods unknown unicast frames only to local sites.
Tunnels	Information about the VXLAN tunnels assigned to the VXLAN.
Link ID	Tunnel's link ID on the VSI.
State	Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Defect—The tunnel interface is up, but the VTEP has not received BFD control packets from the remote end for 5 seconds. You must check for physical link or VXLAN tunnel problems. · Down—The tunnel interface is down.
Type	Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ? VXLAN IS-IS automatically assigned the tunnel to the VXLAN after VXLAN ID negotiation. ? For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN.
Flooding proxy	Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled.
ACs	ACs that are bound to the VSI.
Link ID	AC's link ID on the VSI.
State	AC state: · Up. · Down.

display vxlan tunnel

Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.

Syntax

display vxlan tunnel [ vxlan-id vxlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, the command displays VXLAN tunnel information for all VXLANs.

Examples

# Display VXLAN tunnel information for all VXLANs.

<Sysname> display vxlan tunnel

Total number of VXLANs: 1

VXLAN ID: 10, VSI name: vpna, Total tunnels: 4 (4 up, 0 down, 0 defect, 0 blocked)

Tunnel name Link ID State Type Flooding proxy

Tunnel0 0x5000000 Up Auto Disabled

Tunnel1 0x5000001 Up Manual Disabled

Tunnel2 0x5000002 Up Manual/Auto Disabled

MTunnel0 0x6002710 Up Auto Disabled

# Display VXLAN tunnel information for VXLAN 10.

<Sysname> display vxlan tunnel vxlan-id 10

VXLAN ID: 10, VSI name: vpna, Total tunnels: 4 (4 up, 0 down, 0 defect, 0 blocked)

Tunnel name Link ID State Type Flooding proxy

Tunnel0 0x5000000 Up Auto Disabled

Tunnel1 0x5000001 Up Manual Disabled

Tunnel2 0x5000002 Up Manual/Auto Disabled

MTunnel0 0x6002710 Up Auto Disabled

Table 7 Command output

Field	Description
Link ID	Tunnel's link ID in the VXLAN.
State	Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Defect—The tunnel interface is up, but the VTEP has not received BFD control packets from the remote end for 5 seconds. You must check for physical link or VXLAN tunnel problems. · Down—The tunnel interface is down.
Type	Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ? VXLAN IS-IS automatically assigned the tunnel to the VXLAN after VXLAN ID negotiation. ? For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN.
Flooding proxy	Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled.

Related commands

· tunnel

· negotiate-vni enable

· vxlan

encapsulation

Use encapsulation to configure a frame match criterion for an Ethernet service instance.

Use undo encapsulation to remove a frame match criterion from an Ethernet service instance.

Syntax

encapsulation default

encapsulation { tagged | untagged }

encapsulation s-vid vlan-id [ only-tagged ]

undo encapsulation

Default

An Ethernet service instance does not contain frame match criteria.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

default: Matches any frames.

tagged: Matches any frames that have an 802.1Q VLAN tag.

untagged: Matches any frames that do not have an 802.1Q VLAN tag.

s-vid vlan-id: Matches frames that are tagged with the specified outer 802.1Q VLAN ID. The vlan-id argument specifies a 802.1Q VLAN ID in the range of 1 to 4094. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.

only-tagged: Matches only PVID-tagged frames. To match both untagged frames and PVID-tagged frames, do not specify this keyword.

Usage guidelines

The match criterion in each Ethernet service instance on an interface must be unique. For example, you cannot configure the encapsulation tagged command in one Ethernet service instance if another Ethernet service instance already contains this command. You cannot use the encapsulation s-vid vlan-id command to specify the same 802.1Q VLAN ID for any two Ethernet service instances on the interface.

An Ethernet service instance can contain only one match criterion. To change the match criterion, you must remove the original criterion first. When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.

If the Ethernet service instance uses the default, tagged, or untagged frame match criterion, the access mode set by the xconnect vsi command does not take effect. The VSI uses Ethernet access mode to process traffic.

An SDN transport network uses a controller to deploy and manage VXLANs on VTEPs. If you change the matching outer VLAN ID on the VTEP, you must also modify the VLAN ID set by the Set-Field action on the controller.

Examples

# Configure Ethernet service instance 1 on FortyGigE 1/1/1 to match frames that have an 802.1Q VLAN ID of 111.

<Sysname> system-view

[Sysname] interface fortygige 1/1/1

[Sysname-FortyGigE1/1/1] service-instance 1

[Sysname-FortyGigE1/1/1-srv1] encapsulation s-vid 111

Related commands

display l2vpn service-instance

flooding disable

Use flooding disable to disable flooding for a VSI.

Use undo flooding disable to restore the default.

Syntax

flooding disable

undo flooding disable

Default

Flooding is enabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

By default, the device floods unknown unicast frames received from the local site to the following interfaces in the frame's VXLAN:

· All interfaces in the local site except for the incoming interface.

· All VXLAN tunnel interfaces.

To limit unknown unicast traffic to the local site, use this command to disable the flooding function for the VSI bound to the VXLAN. The VSI will not flood unknown unicast frames to VXLAN tunnel interfaces.

Examples

# Disable flooding for the VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] flooding disable

group

Use group to assign a VXLAN a multicast group address for flood traffic, and specify a source IP address for multicast VXLAN packets.

Use undo group to restore the default.

Syntax

group group-address source source-address

undo group group-address source source-address

Default

A VXLAN uses unicast mode (head-end replication) for flood traffic. No multicast group address or source IP address is specified for multicast VXLAN packets.

Views

VXLAN view

Predefined user roles

network-admin

Parameters

group-address: Specifies a multicast address in the range of 224.0.1.0 to 239.255.255.255.

source source-address: Specifies a source IP address for multicast VXLAN packets.

Usage guidelines

VXLAN flood traffic includes multicast, broadcast, and unknown unicast frames. The following are methods available for the VTEP to flood traffic to remote sites:

· Unicast mode—Also called head-end replication. The VTEP replicates the flood frame, and then sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN.

· Multicast mode—Also called tandem replication. The VTEP sends the flood frame in a multicast VXLAN packet destined for the VXLAN multicast group address. Transport network devices replicate and forward the packet to remote VTEPs based on their multicast forwarding entries.

· Flood proxy mode—The VTEP sends the flood frame in a VXLAN packet to a flood proxy server. The flood proxy server replicates and forwards the packet to each remote VTEP through VXLAN tunnels.

To reduce traffic sent to the transport network, use multicast mode if the network has dense flood traffic or many VTEPs.

For multicast-mode VXLANs, transport network devices must maintain multicast group and forwarding information. To reduce the multicast forwarding entries maintained by transport network devices, assign a multicast group address to multiple VXLANs. The VTEP separates traffic between VXLANs by VXLAN IDs.

NOTE:

For VXLANs that use the same multicast group address, you must configure the same source IP address for their multicast VXLAN packets.

If you execute the group command multiple times, the most recent configuration takes effect.

Examples

# Set the multicast group address to 233.1.1.1 for flood traffic in VXLAN 100. Set the source IP address to 2.1.1.1 for multicast VXLAN packets.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] vxlan 100

[Sysname-vsi-aaa-vxlan-100] group 233.1.1.1 source 2.1.1.1

Related commands

igmp host enable

Use igmp host enable to enable the IGMP host function on an interface.

Use undo igmp host enable to disable the IGMP host function on an interface.

Syntax

igmp host enable

undo igmp host enable

Default

The IGMP host function is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

For this command to take effect, you must use the multicast routing command to enable IP multicast routing.

You must configure an interface as an IGMP host if its IP address is the source IP address of multicast VXLAN packets. The IGMP host function enables the interface to send IGMP reports in response to IGMP queries before it can receive traffic from a multicast group.

Examples

# Enable IP multicast routing, and then enable the IGMP host function on VLAN-interface 10.

<Sysname> system-view

[Sysname] multicast routing

[Sysname-mrib] quit

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] igmp host enable

Related commands

· display igmp host group

· group

· multicast routing (IP Multicast Command Reference)

l2vpn enable

Use l2vpn enable to enable L2VPN.

Use undo l2vpn enable to disable L2VPN.

Syntax

l2vpn enable

undo l2vpn enable

Default

L2VPN is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable L2VPN before you can configure L2VPN settings.

Examples

# Enable L2VPN.

<Sysname> system-view

[Sysname] l2vpn enable

mac-address static

Use mac-address static to add a static remote-MAC address entry.

Use undo mac-address static to remove a static remote-MAC address entry.

Syntax

mac-address static mac-address interface tunnel tunnel-number vsi vsi-name

undo mac-address static [ mac-address ] [ interface tunnel tunnel-number ] vsi vsi-name

Default

VXLAN VSIs do not have static remote-MAC address entries.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a remote MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.

interface tunnel tunnel-number: Specifies the VXLAN tunnel interface for the remote MAC address. The tunnel-number argument represents the tunnel interface number. The tunnel interface must already exist.

vsi vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A remote MAC address is the MAC address of a VM in a remote site.

Remote MAC entries include the following types:

· Static—Include manually added MAC entries and VXLAN IS-IS advertised MAC entries.

· Dynamic—MAC entries learned in the data plane from incoming traffic on VXLAN tunnels.

For a remote address, the manual static entry has higher priority than dynamic and advertised entries. Dynamic and advertised entries have the same priority and can overwrite each other.

Examples

# Add the MAC address 000f-e201-0101 to the VSI vsi1, and specify Tunnel-interface 1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1

Related commands

vxlan tunnel mac-learning disable

reset arp suppression vsi

Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.

Syntax

reset arp suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.

Examples

# Clear ARP flood suppression entries on all VSIs.

<Sysname> reset arp suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

· display arp suppression vsi

· arp suppression enable

reset l2vpn mac-address

Use reset l2vpn mac-address to clear dynamic MAC address entries learned in the data plane on VSIs.

Syntax

reset l2vpn mac-address [ vsi vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, the command clears the dynamic MAC address entries on all VSIs.

Usage guidelines

Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.

Examples

# Clear the dynamic MAC address entries on the VSI vpn1.

<Sysname> reset l2vpn mac-address vsi vpn1

Related commands

display l2vpn mac-address vsi

selective-flooding mac-address

Use selective-flooding mac-address to enable selective flood for a MAC address.

Use undo selective-flooding mac-address to disable selective flood for a MAC address.

Syntax

selective-flooding mac-address mac-address

undo selective-flooding mac-address mac-address

Default

Selective flood is not enabled for any MAC addresses.

Views

VSI view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address. The MAC address cannot be all Fs.

Usage guidelines

This command excludes a remote MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown-unicast floods are confined to the local site.

Examples

# Enable selective flood for 000f-e201-0101 on the VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101

Related commands

flooding disable

service-instance

Use service-instance to create an Ethernet service instance and enter Ethernet service instance view.

Use undo service-instance to delete an Ethernet service instance.

Syntax

service-instance instance-id

undo service-instance instance-id

Default

No Ethernet service instances exist on an interface.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Examples

# On the Layer 2 Ethernet interface FortyGigE 1/1/1, create Ethernet service instance 1 and enter Ethernet service instance view.

<Sysname> system-view

[Sysname] interface fortygige 1/1/1

[Sysname-FortyGigE1/1/1] service-instance 1

[Sysname-FortyGigE1/1/1-srv1]

Related commands

display l2vpn service-instance

shutdown

Use shutdown to shut down a VSI.

Use undo shutdown to restore the default.

Syntax

shutdown

undo shutdown

Default

VSIs are up.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.

Examples

# Shut down the VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] shutdown

Related commands

display l2vpn vsi

tunnel

Use tunnel to assign a VXLAN tunnel to a VXLAN.

Use undo tunnel to remove a VXLAN tunnel from a VXLAN.

Syntax

tunnel tunnel-number [ flooding-proxy ]

undo tunnel tunnel-number

Default

A VXLAN does not contain VXLAN tunnels.

Views

VXLAN view

Predefined user roles

network-admin

Parameters

tunnel-number: Specifies a tunnel number in the range of 0 to 1023. The tunnel must be a VXLAN tunnel.

flooding-proxy: Enable flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs.

Usage guidelines

This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. Alternatively, you can use ENDP for automatic VXLAN tunnel assignment.

You can assign multiple VXLAN tunnels to a VXLAN. For a unicast-mode VXLAN, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.

On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups, and they do not forward traffic when the primary proxy tunnel is operating correctly.

To change a flood proxy tunnel for a VXLAN, perform the following tasks:

· Use the undo tunnel command to remove the flood proxy tunnel.

· Use the tunnel command to enable flood proxy on another tunnel and assign the tunnel to the VXLAN.

Examples

# Assign VXLAN tunnels 0, 1, and 2 to VXLAN 10000. Enable flood proxy on tunnel 2 when you assign it to the VXLAN.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000] tunnel 0

[Sysname-vsi-vpna-vxlan-10000] tunnel 1

[Sysname-vsi-vpna-vxlan-10000] tunnel 2 flooding-proxy

Related commands

display vxlan tunnel

tunnel bfd enable

Use tunnel bfd enable to enable BFD on a VXLAN tunnel interface.

Use undo tunnel bfd enable to restore the default.

Syntax

tunnel bfd enable destination-mac mac-address

undo tunnel bfd enable

Default

BFD is disabled on a VXLAN tunnel interface.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a destination MAC address for BFD control packets. The MAC address can be a remote VTEP address or a multicast address.

Usage guidelines

Enable BFD on a VXLAN tunnel interface for link connectivity detection. For BFD sessions to come up, you must also reserve a VXLAN by using the reserved vxlan command.

The VTEPs send BFD single-hop control packets to detect the connectivity of VXLAN tunnels. The VTEPs periodically send control packets to each other through the VXLAN tunnel. A VTEP sets the tunnel state to Defect if it has not received control packets from the remote end for five seconds. In this situation, the tunnel interface state is still Up. The tunnel state will change from Defect to Up if the VTEP can receive BFD control packets again.

Examples

# Enable BFD on the VXLAN tunnel interface Tunnel 9, and specify 1-1-1 as the destination MAC address for BFD control packets.

<Sysname> system-view

[Sysname] interface tunnel 9 mode vxlan

[Sysname-Tunnel9] tunnel bfd enable destination-mac 1-1-1

tunnel global source-address

Use tunnel global source-address to specify a global source address for VXLAN tunnels.

Use undo tunnel global source-address to restore the default.

Syntax

tunnel global source-address ipv4-address

undo tunnel global source-address

Default

No global source address is specified for VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IPv4 address.

Usage guidelines

A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for a VXLAN tunnel.

Examples

# Specify 1.1.1.9 as the global source address for VXLAN tunnels.

<Sysname> system-view

[Sysname] tunnel global source-address 1.1.1.9

vsi

Use vsi to create a VSI and enter VSI view.

Use undo vsi to delete a VSI.

Syntax

vsi vsi-name

undo vsi vsi-name

Default

No VSIs are created on the device.

Views

System view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.

A VSI can provide services only for one VXLAN.

Examples

# Create VSI vxlan10 and enter VSI view.

<Sysname> system-view

[Sysname] vsi vxlan10

[Sysname-vsi-vxlan10]

Related commands

display l2vpn vsi

vtep group member remote

Use vtep group member remote to specify a VXLAN VTEP group and its member VTEPs.

Use undo vtep group member remote to restore the default.

Syntax

vtep group group-ip member remote member-ip&<1-8>

undo vtep group group-ip member remote

Default

No VXLAN VTEP group is specified on the device.

Views

System view

Predefined user roles

network-admin

Parameters

group-ip: Specifies a VXLAN VTEP group by its group IP address.

member-ip&<1-8>: Specifies a space-separated list of up to eight member VTEP IP addresses.

Examples

# Specify the VXLAN VTEP group 1.1.1.1 and its member VTEPs at 2.2.2.2, 3.3.3.3, and 4.4.4.4.

<Sysname> system-view

[Sysname] vtep group 1.1.1.1 member remote 2.2.2.2 3.3.3.3 4.4.4.4

vxlan

Use vxlan to create a VXLAN and enter VXLAN view.

Use undo vxlan to delete a VXLAN.

Syntax

vxlan vxlan-id

undo vxlan

Default

No VXLANs are created on the device.

Views

VSI view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

Usage guidelines

You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.

Examples

# Create VXLAN 10000 for VSI vpna and enter VXLAN view.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000]

Related commands

vsi

vxlan invalid-udp-checksum discard

Use vxlan invalid-udp-checksum discard to enable the device to drop the VXLAN packets that fail UDP checksum check.

Use undo vxlan invalid-udp-checksum discard to restore the default.

Syntax

vxlan invalid-udp-checksum discard

undo vxlan invalid-udp-checksum discard

Default

The device does not check the UDP checksum of VXLAN packets.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to check the UDP checksum of VXLAN packets.

The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.

Examples

# Enable the device to drop the VXLAN packets that fail UDP checksum check.

<Sysname> system-view

[Sysname] vxlan invalid-udp-checksum discard

Related commands

vxlan invalid-vlan-tag discard

Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header.

Use undo vxlan invalid-vlan-tag discard to restore the default.

Syntax

vxlan invalid-vlan-tag discard

undo vxlan invalid-vlan-tag discard

Default

The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If a remote VTEP uses the Ethernet access mode for an Ethernet service instance, its VXLAN packets might contain 802.1Q VLAN tags. To prevent the local VTEP from dropping the VXLAN packets, do not execute the vxlan invalid-vlan-tag discard command on the local VTEP.

To configure the access mode of an Ethernet service instance, use the xconnect vsi command.

Examples

# Enable the device to drop VXLAN packets that have 802.1Q VLAN tags.

<Sysname> system-view

[Sysname] vxlan invalid-vlan-tag discard

Related commands

· vxlan invalid-udp-checksum discard

· xconnect vsi

vxlan local-mac report

Use vxlan local-mac report to enable VXLAN local-MAC change logging.

Use undo vxlan local-mac report to restore the default.

Syntax

vxlan local-mac report

undo vxlan local-mac report

Default

VXLAN local-MAC change logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Local-MAC change logging enables VXLAN to send a log message to the information center when a local MAC address is added or removed.

With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Enable VXLAN local-MAC change logging.

<Sysname> system-view

[Sysname] vxlan local-mac report

vxlan tunnel mac-learning disable

Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.

Use undo vxlan tunnel mac-learning disable to restore the default.

Syntax

vxlan tunnel mac-learning disable

undo vxlan tunnel mac-learning disable

Default

Remote-MAC address learning is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.

Examples

# Disable remote-MAC address learning.

<Sysname> system-view

[Sysname] vxlan tunnel mac-learning disable

vxlan udp-port

Use vxlan udp-port to configure the destination UDP port number of VXLAN packets.

Use undo vxlan udp-port to restore the default.

Syntax

vxlan udp-port port-number

undo vxlan udp-port

Default

The destination UDP port number is 4789 for VXLAN packets.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a UDP port number in the range of 1 to 65535. To avoid conflict with well-known ports, H3C recommends that you specify a port number in the range of 1024 to 65535.

Usage guidelines

You must configure the same destination UDP port number on all VTEPs in a VXLAN.

Examples

# Set the destination UDP port number to 6666 for VXLAN packets.

<Sysname> system-view

[Sysname] vxlan udp-port 6666

xconnect vsi

Use xconnect vsi to map an Ethernet service instance to a VSI.

Use undo xconnect vsi to remove the mapping between an Ethernet service instance and a VSI.

Syntax

xconnect vsi vsi-name [ access-mode { ethernet | vlan } ]

undo xconnect vsi

Default

An Ethernet service instance is not mapped to any VSI.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

access-mode: Specifies an access mode. By default, the access mode is VLAN.

ethernet: Specifies the Ethernet access mode.

vlan: Specifies the VLAN access mode.

Usage guidelines

To configure this command, you must first use the encapsulation command to add traffic match criteria to the Ethernet service instance.

For traffic that matches the Ethernet service instance, the system uses the VSI's MAC address table to make a forwarding decision.

The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.

· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.

? For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.

? For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.

In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.

· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.

? For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.

? For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.

In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.

If the Ethernet service instance uses the default, tagged, or untagged frame match criterion, the access mode set by this command does not take effect. The mapped VSI uses Ethernet access mode to process traffic.

Examples

# On FortyGigE 1/1/1, configure Ethernet service instance 200 to match frames with an outer 802.1Q VLAN tag of 200, and map the instance to the VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] quit

[Sysname] interface fortygige 1/1/1

[Sysname-FortyGigE1/1/1] service-instance 200

[Sysname-FortyGigE1/1/1-srv200] encapsulation s-vid 200

[Sysname-FortyGigE1/1/1-srv200] xconnect vsi vpn1

Related commands

· display l2vpn interface

· display l2vpn service-instance

· encapsulation

· vsi

ENDP commands

display vxlan neighbor-discovery client member

Use display vxlan neighbor-discovery client member to display information about ENDP neighbors that ENDCs have learned.

Syntax

display vxlan neighbor-discovery client member [ interface tunnel interface-number | local local-ip | remote client-ip | server server-ip ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number.

local local-ip: Specifies an NVE tunnel source IPv4 address.

remote client-ip: Specifies the IPv4 address of an ENDP neighbor.

server server-ip: Specifies the IPv4 address of an ENDS.

Usage guidelines

Each ENDP neighbor entry includes the IPv4 address, bridge MAC address, entry creation time, aging time, and VXLAN tunnel status of a neighbor.

If you do not specify any parameters, this command displays IPv4 neighbor entries that all local ENDCs have learned.

Examples

# Display IPv4 neighbor entries that all local ENDCs have learned.

<Sysname> display vxlan neighbor-discovery client member

Interface: Tunnel0 Network ID: 1

Local Address: 20.0.0.2

Server Address: 20.0.1.1

Neighbor System ID Created Time Expire Status

20.0.1.1 000F-0000-0A3D 2011/01/01 12:12:12 13 Up

20.0.2.1 000F-0000-0A3E 2011/01/01 12:12:12 13 Up

20.0.3.1 000F-0000-0A3F 2011/01/01 12:12:12 12 Up

Interface: Tunnel1 Network ID: 2

Local Address: 21.0.0.1

Server Address: 21.0.1.2

Neighbor System ID Created Time Expire Status

21.0.1.2 000F-0000-0A3D 2011/01/01 12:12:12 25 Up

21.0.2.1 000F-0000-0A3E 2011/01/01 12:12:12 25 Up

21.0.3.1 000F-0000-0A3F 2011/01/01 12:12:12 19 Up

Table 8 Command output

Field	Description
Interface	Name of the ENDC-enabled NVE tunnel interface.
Network ID	NVE tunnel network ID.
Local Address	Source IP address of the NVE tunnel.
Server Address	IPv4 address of the ENDS. This field displays NA if the ENDS is unknown.
Neighbor	IPv4 address of the neighbor learned from the ENDS.
System ID	Bridge MAC address of the neighbor. This field displays NA if the bridge MAC address is unknown,
Created Time	Time when the neighbor entry was created.
Expire	Remaining lifetime (in seconds) of the neighbor entry.
Status	Status of the VXLAN tunnel to the neighbor: · Up—The VXLAN tunnel is up. · Down—The VXLAN tunnel is down. · NA—No VXLAN tunnel has been set up with the neighbor.

display vxlan neighbor-discovery client statistics

Use display vxlan neighbor-discovery client statistics to display ENDP packet statistics for an ENDC-enabled NVE tunnel interface.

Syntax

display vxlan neighbor-discovery client statistics interface tunnel interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number.

Examples

# Display ENDP packet statistics for ENDCs on the NVE tunnel interface Tunnel 0.

<Sysname> display vxlan neighbor-discovery client statistics interface tunnel 0

Server Address: 10.0.0.1

Received packets:

Reply: 170 Error: 1

Sent packets:

Server Address: 10.0.0.2

Received packets:

Reply: 99 Error: 1

Sent packets:

Table 9 Command output

Field	Description
Server Address	IP address of the ENDS.
Received packets	Packets received by the ENDC: · Reply—Registration replies received from the ENDS. · Error—ENDP packets that have errors.
Sent packets	Packets sent by the ENDC: · Register—Registration packets sent to the ENDS. · Purge—Deregistration packets sent to the ENDS.

display vxlan neighbor-discovery client summary

Use display vxlan neighbor-discovery client summary to display ENDC settings and connectivity to ENDSs.

Syntax

display vxlan neighbor-discovery client summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display ENDC settings and connectivity to ENDSs.

<Sysname> display vxlan neighbor-discovery client summary

Status: I-Init E-Establish P-Probe

Interface Local Address Server Address Network ID Reg Auth Status VPN Instance

Tunnel1 1.1.1.1 1.1.1.1 1 15 disabled E [No Vrf]

Tunnel3 1.1.1.1 1.1.1.1 3 15 disabled E [No Vrf]

Table 10 Command output

Field	Description
Interface	Name of the ENDC-enabled NVE tunnel interface.
Local Address	Source IP address of the NVE tunnel. This field displays NA if no source IP address has been assigned to the NVE tunnel.
Server Address	IPv4 address of the ENDS.
Network ID	NVE tunnel network ID. This field displays NA if no network ID has been configured.
Reg	Registration update interval. The ENDC updates its registration with the ENDS at this interval.
Auth	ENDP authentication status: · enabled. · disabled.
Status	Status of the connection between the ENDC and the ENDS: · I—Connection is initializing. · E—Connection has been set up. · P—The ENDC is probing for the ENDS for setting up a connection.

Related commands

· vxlan neighbor-discovery authentication

· vxlan neighbor-discovery client enable

· vxlan neighbor-discovery client register-interval

display vxlan neighbor-discovery server member

Use display vxlan neighbor-discovery server member to display information about ENDP neighbors that have registered with an ENDS on the device.

Syntax

display vxlan neighbor-discovery server member [ interface tunnel interface-number | local local-ip | remote client-ip ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number.

local local-ip: Specifies the IPv4 address of an ENDS on the device.

remote client-ip: Specifies the IPv4 address of an ENDP neighbor.

Usage guidelines

Each neighbor entry includes the IP address, bridge MAC address, entry creation time, and aging time of a neighbor.

If you do not specify any parameters, this command displays all IPv4 ENDP neighbors that have registered with each ENDS on the device.

Examples

# Display IPv4 ENDP neighbor entries of all ENDSs on the device.

<Sysname> display vxlan neighbor-discovery server member

Interface: Tunnel0 Network ID: 1

IP Address: 11.0.0.1

Client Address System ID Expire Created Time

11.0.0.1 000F-0001-0001 20 2011/01/01 00:00:30

11.0.0.3 000F-0001-0002 25 2011/01/01 00:00:43

11.0.0.4 000F-0001-0003 15 2011/01/01 01:00:46

11.0.0.5 000F-0001-0004 20 2011/01/01 01:02:13

Interface: Tunnel1 Network ID: 2

IP Address: 11.0.1.2

Client Address System ID Expire Created Time

11.0.1.2 000F-0001-0010 20 2011/01/01 00:19:25

11.0.1.3 000F-0001-0011 19 2011/01/01 00:19:31

11.0.1.4 000F-0001-0012 30 2011/01/01 02:00:43

11.0.1.5 000F-0001-0013 20 2011/01/01 01:02:13

Interface: Tunnel2 Network ID: 3

IP Address: 12.0.0.1

Client Address System ID Expire Created Time

12.0.0.1 000F-0002-0001 30 2011/01/01 03:20:30

12.0.0.2 000F-0002-0002 30 2011/01/01 03:20:43

12.0.0.3 000F-0002-0003 37 2011/01/01 03:27:46

Table 11 Command output

Field	Description
Interface	Name of the ENDS-enabled NVE tunnel interface.
Network ID	NVE tunnel network ID.
IP Address	IPv4 address of the ENDS.
Client Address	IPv4 address of the neighbor.
System ID	Bridge MAC address of the neighbor.
Expire	Remaining lifetime (in seconds) of the neighbor entry.
Created Time	Time when the neighbor entry was created.

display vxlan neighbor-discovery server statistics

Use display vxlan neighbor-discovery server statistics to display ENDP packet statistics for the ENDS on an NVE tunnel interface.

Syntax

display vxlan neighbor-discovery server statistics interface tunnel interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number.

Examples

# Display ENDP packet statistics for the ENDS on the NVE tunnel interface Tunnel 0.

<Sysname> display vxlan neighbor-discovery server statistics interface tunnel 0

Received packets:

Sent packets:

Reply: 170 Error: 1

Table 12 Command output

Field	Description
Received packets	Packets received by the ENDS: · Register—Registration requests received from ENDCs. · Purge—Deregistration packets received from ENDCs.
Sent packets	Packets sent by the ENDS: · Reply—Registration replies sent to ENDCs. · Error—ENDP packets that have errors.

Field

Description

Received packets

Packets received by the ENDS:

· Register—Registration requests received from ENDCs.

· Purge—Deregistration packets received from ENDCs.

Sent packets

Packets sent by the ENDS:

· Reply—Registration replies sent to ENDCs.

· Error—ENDP packets that have errors.

display vxlan neighbor-discovery server summary

Use display vxlan neighbor-discovery server summary to display ENDS information.

Syntax

display vxlan neighbor-discovery server summary

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

ENDS information includes ENDP authentication status (enabled or disabled) and the total number of ENDCs that have registered with each ENDS.

Examples

# Display ENDS information.

<Sysname> display vxlan neighbor-discovery server summary

Interface Local Address Network ID Auth Members VPN Instance

Tunnel0 20.0.0.1 1 enabled 10 [No Vrf]

Tunnel2 21.0.0.1 2 disabled 20 [No Vrf]

Tunnel3 22.0.0.1 NA disabled 0 [No Vrf]

Table 13 Command output

Field	Description
Interface	Name of the ENDS-enabled NVE tunnel interface.
Local Address	Source IP address of the NVE tunnel. This field displays NA if no source IP address has been assigned to the NVE tunnel.
Network ID	NVE tunnel network ID. This field displays NA if no network ID has been configured.
Auth	ENDP authentication status: · enabled. · disabled.
Members	Total number of ENDCs that have registered with the ENDS.

Related commands

· vxlan neighbor-discovery authentication

· vxlan neighbor-discovery server enable

network-id

Use network-id to assign a network ID to an NVE tunnel interface.

Use undo network-id to remove the network ID of an NVE tunnel interface.

Syntax

network-id network-id

undo network-id

Default

No network ID is assigned to an NVE tunnel interface.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

number: Specifies a network ID in the range of 1 to 16777215.

Usage guidelines

ENDP supports multiple VXLAN networks. ENDP uses network IDs to uniquely identify VXLANs. VTEPs can discover each other if they have the same network ID.

On a VTEP, NVE tunnel interfaces must use different network IDs.

Examples

# Assign a network ID of 123 to the NVE tunnel interface Tunnel 0.

<Sysname> system-view

[Sysname] interface tunnel 0 mode nve

[Sysname-Tunnel0] network-id 123

vxlan neighbor-discovery authentication

Use vxlan neighbor-discovery authentication to enable ENDP authentication.

Use undo vxlan neighbor-discovery authentication to disable ENDP authentication.

Syntax

vxlan neighbor-discovery authentication { cipher | simple } password

undo vxlan neighbor-discovery authentication

Default

ENDP authentication is disabled.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

cipher: Specifies an authentication key in encrypted form.

simple: Specifies an authentication key in plaintext form.

password: Specifies the authentication key. Its plaintext form must be a case-sensitive string of 1 to 24 characters. Its encrypted form must be a case-sensitive string of 1 to 65 characters. For security purposes, authentication keys specified in plaintext form are encrypted before they are stored.

Usage guidelines

Configure ENDP authentication in an insecure network to prevent malicious registration with an ENDS.

Make sure all authentication-enabled ENDCs and ENDSs in a VXLAN network use the same authentication key.

If authentication is disabled on an ENDS, all ENDCs, including authentication-enabled ENDCs, can register with the ENDS without authentication.

If authentication is enabled on an ENDS, only authentication-enabled ENDCs that use the same authentication key as the ENDS can register with the ENDS.

Examples

# Enable ENDP authentication on the NVE tunnel interface Tunnel 0. Specify vxlan-a as the authentication key in plain text.

<Sysname> system-view

[Sysname] interface tunnel 0 mode nve

[Sysname-Tunnel0] vxlan neighbor-discovery authentication simple vxlan-a

Related commands

· display vxlan neighbor-discovery client summary

· display vxlan neighbor-discovery server summary

vxlan neighbor-discovery client enable

Use vxlan neighbor-discovery client enable to specify an NVE tunnel interface as the ENDC of an ENDS.

Use undo vxlan neighbor-discovery client enable to remove the ENDC from an NVE tunnel interface.

Syntax

vxlan neighbor-discovery client enable server-ip

undo vxlan neighbor-discovery client enable server-ip

Default

The ENDC function is disabled.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

server-ip: Specifies the IP address of a remote ENDS.

Usage guidelines

For redundancy, you can specify a maximum of two ENDS addresses on an NVE tunnel interface. These two ENDSs work independently. The failure of one ENDS does not affect the neighbor discovery.

H3C recommends that you configure different ENDSs for two ENDCs on the VTEP if the ENDCs use the same IP address but different network IDs.

Examples

# Configure Tunnel 0 as an ENDC of the ENDS at 11.0.0.1.

<Sysname> system-view

[Sysname] interface tunnel 0 mode nve

[Sysname-Tunnel0] vxlan neighbor-discovery client enable 11.0.0.1

Related commands

display vxlan neighbor-discovery client summary

vxlan neighbor-discovery client register-interval

Use vxlan neighbor-discovery client register-interval to configure the interval at which the ENDCs on an NVE tunnel interface update their registration with their ENDSs.

Use undo vxlan neighbor-discovery client register-interval to restore the default.

Syntax

vxlan neighbor-discovery client register-interval time-value

undo vxlan neighbor-discovery client register-interval

Default

An ENDC updates its registration with its ENDS every 15 seconds.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

time-value: Specifies the registration update interval in the range of 5 to 120 seconds.

Usage guidelines

ENDP uses an ENDS probe timer and a registration aging timer in addition to the ENDC register timer set by using this command.

· ENDS probe timer—Sets the interval for an ENDC to detect an ENDS. This timer is maintained on ENDCs and is fixed at 5 seconds.

· ENDC register timer—Sets the interval for an ENDC to update its registration with an ENDS. This timer defaults to 15 seconds and can be changed by using the vxlan neighbor-discovery client register-interval command on ENDCs.

· Registration aging timer—This timer is five times the ENDC register timer. This timer is maintained on ENDSs. When the registration aging timer for an ENDC expires, the ENDS removes the ENDC from its ENDC database.

When an ENDC sends a register request to join a VXLAN network, a 5-second ENDS probe timer starts. The ENDC sends a register request to the ENDS every 5 seconds until it receives a response from the ENDS.

When the ENDC receives a response from the ENDS, the ENDS probe timer stops and an ENDC register timer starts. The ENDC regularly sends register updates at the interval set by the register timer.

If the ENDC does not receive a response after sending five consecutive register packets, the ENDC clears its neighbor database and starts the ENDS probe timer.

The ENDC adds the register timer setting to each register packet. The ENDS records this timer setting when it adds the ENDC to the ENDC database. If no register update is received from the ENDC before five times the timer is reached, ENDS removes the ENDC from the VXLAN.

Examples

# Set the ENDC registration update interval to 30 seconds on the NVE tunnel interface Tunnel 0.

<Sysname> system-view

[Sysname] interface tunnel 0 mode nve

[Sysname-Tunnel0] vxlan neighbor-discovery client register-interval 30

Related commands

display vxlan neighbor-discovery client summary

vxlan neighbor-discovery server enable

Use vxlan neighbor-discovery server enable to enable ENDS on an NVE tunnel interface.

Use undo vxlan neighbor-discovery server enable to disable ENDS on an NVE tunnel interface.

Syntax

vxlan neighbor-discovery server enable

undo vxlan neighbor-discovery server enable

Default

The ENDS function is disabled.

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

When you enable ENDS on an NVE tunnel interface, an ENDC is automatically enabled, with the source address of the NVE tunnel as the ENDS address.

Examples

# Enable ENDS on the NVE tunnel interface Tunnel 0.

<Sysname> system-view

[Sysname] interface tunnel 0 mode nve

[Sysname-Tunnel0] vxlan neighbor-discovery server enable

Related commands

display vxlan neighbor-discovery server summary

VXLAN IS-IS commands

display vxlan isis brief

Use display vxlan isis brief to display brief information about the VXLAN IS-IS process.

Syntax

display vxlan isis brief

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief information about the VXLAN IS-IS process.

<Sysname> display vxlan isis brief

Network-entity: 00.0011.2200.0001.00

LSP-length receive: 1400

LSP-length originate: 1400

Timers:

LSP-max-age: 1200s

LSP-refresh: 900s

State: Enabled

Table 14 Command output

Field	Description
Network-entity	Network entity name of the VXLAN IS-IS process.
LSP-length receive	Maximum length of incoming LSPs.
LSP-length originate	Maximum length of LSPs that the VXLAN IS-IS process can generate.
Timers	LSP-max-age—Maximum lifetime for the LSPs generated by the VXLAN IS-IS process. LSP-refresh—Interval at which the VXLAN IS-IS process sends LSPs to refresh remote LSDBs.
State	Running status of the VXLAN IS-IS process: · Enabled—MAC address synchronization or VXLAN auto-negotiation is enabled. The VXLAN IS-IS process is running. · Disabled—MAC address synchronization and VXLAN auto-negotiation are disabled. The VXLAN IS-IS process is not running.

display vxlan isis graceful-restart status

Use display vxlan isis graceful-restart status to display the GR state of the VXLAN IS-IS process.

Syntax

display vxlan isis graceful-restart status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the GR state of the VXLAN IS-IS process.

<Sysname> display vxlan isis graceful-restart status

Restart status: RESTARTING

Restart phase: LSDB synchronization

Restart interval: 300s

T3 remaining time: 65531s

Total number of interfaces: 1

Number of waiting LSPs: 0

T2 remaining time: 56s

Interface: Tunnel0

T1 remaining time: 2

RA received: N

CSNP received: N

T1 expired number: 3

Table 15 Command output

Field	Description
Restart status	Graceful Restart state: · COMPLETE—Restart has completed. · STARTING—VXLAN IS-IS process begins to restart. · RESTARTING—VXLAN IS-IS process is restarting. · UNKNOWN—Unknown state.
Restart phase	Restart phase: · Initialization—VXLAN IS-IS process is initializing. · LSDB synchronization—Peer VXLAN IS-IS processes are synchronizing LSDBs. · MAC receiving—VXLAN IS-IS process is receiving reported local MAC addresses. · LSP stable—VXLAN IS-IS process is generating LSPs. · LSP generation—VXLAN IS-IS process refreshes and floods LSPs to adjacent VXLAN neighbors. · Finish—Graceful Restart is complete. · Unknown—Unknown phase.
Restart Interval	T2 timer, in seconds. The GR process fails if the device fails to complete LSDB synchronization before this timer expires. The peer VXLAN IS-IS process removes the adjacency with the restarting VXLAN IS-IS. This timer is configurable by using the graceful-restart interval command.
T3 remaining time	The remaining time (in seconds) of the T3 timer. The GR process fails if it is not complete before this timer expires. The peer VXLAN IS-IS process removes the adjacency with the restarting VXLAN IS-IS. This timer is not user configurable.
Total number of interfaces	Number of VXLAN-enabled interfaces.
Number of waiting LSPs	Number of LSPs that are waiting to be synchronized with the GR helper for completing LSDB synchronization.
T2 remaining time	The remaining time (in seconds) of the T2 timer.
Interface	Interface-specific GR status information for the VXLAN IS-IS process.
T1 remaining time	Remaining time (in seconds) of the T1 timer on the interface. The T1 timer sets the interval for the restarting device to retransmit hello messages with the RR bit set (restart request messages). The T1 timer is not user configurable. The restarting device retransmits a restart request message to the neighbor if it has not received an acknowledgment for the previous restart request before the T1 timer expires. NOTE: VXLAN IS-IS sends hello messages with the RA bit set to acknowledge restart requests.
RA received	Whether the interface received a VXLAN IS-IS hello with the RA flag from the neighbor device.
CSNP received	Whether the interface received a CSNP from the neighbor device.
T1 expired number	Number of T1 timer expirations on the interface. When this counter reaches 10, the restarting device stops retransmitting hello messages with the RR bit set.

display vxlan isis local-mac

Use display vxlan isis local-mac to display local MAC reachability information maintained by VXLAN IS-IS.

Syntax

display vxlan isis local-mac dynamic [ [ vxlan-id vxlan-id ] [ count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Displays the dynamic MAC addresses for the local site.

vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, the command displays local MAC reachability information for all VXLANs.

Examples

# Display local dynamic MAC reachability information for all VXLANs.

<Sysname> display vxlan isis local-mac dynamic

VXLAN ID: 100

MAC address: 00aa-00bb-00cc

MAC address: 00aa-00cc-00bb

MAC address: 00cc-00aa-00bb

VXLAN ID: 50

MAC address: 00bb-00aa-00cc

MAC address: 00bb-00cc-00aa

# Display the sum of local dynamic MAC addresses in all VXLANs.

<Sysname> display vxlan isis local-mac dynamic count

5 MAC addresses found.

display vxlan isis lsdb

Use display vxlan isis lsdb to display the LSDB of the VXLAN IS-IS process.

Syntax

display vxlan isis lsdb [ local | lsp-id lsp-id | verbose ] * [ tunnel tunnel-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Displays locally generated LSPs.

lsp-id lspid: Specifies an LSP identifier in the SYSID.Pseudonode ID-fragment num format, where sysID represents the originating node or pseudo node, and Pseudo ID is separated by a dot from sysID and by a hyphen from fragment num.

verbose: Displays detailed information about LSPs in the LSDB. If you do not specify this keyword, the command displays LSP summaries.

tunnel tunnel-number: Specifies a VXLAN tunnel interface by its interface number. The tunnel interface must already exist.

Examples

# Display LSP summaries for the VXLAN IS-IS process.

<Sysname> display vxlan isis lsdb

Link state database information for VXLAN ISIS (Tunnel 1)

LSP ID Seq num Checksum Holdtime Length Overload

-----------------------------------------------------------------------------

0011.2200.0201.0000-00 0x00000063 0x1bc2 1104 74 0

0011.2200.0401.0000-00* 0x00000060 0x7f76 1089 55 0

0011.2200.0401.0001-00* 0x0000005f 0xf77 1175 57 0

Flags: *-Self LSP, +-Self LSP(Extended)

# Display detailed LSP information for the VXLAN IS-IS process.

<Sysname> display vxlan isis lsdb verbose

Link state database information for VXLAN ISIS (Tunnel 1)

LSP ID: 0011.2200.0201.0000-00

Sequence number: 0x00000063

Checksum: 0x1bc2

Holdtime: 745s

Length: 74

Overload: 0

Source: 0011.2200.0201.0000

Neighbour

ID: 0011.2200.0401.0001, Cost: 10

VXLANs:

VXLAN ID: 100

VXLAN ID: 10

MAC addresses:

VXLAN ID: 10 Confidence: 1

0001-0001-0001

LSP ID: 0011.2200.0401.0000-00*

Sequence number: 0x00000060

Checksum: 0x7f76

Holdtime: 730s

Length: 55

Overload: 0

Source: 0011.2200.0401.0000

Neighbour

ID: 0011.2200.0401.0001, Cost: 10

VXLANs:

VXLAN ID: 10

LSP ID: 0011.2200.0401.0001-00*

Sequence number: 0x0000005f

Checksum: 0xf77

Holdtime: 816s

Length: 57

Overload: 0

Source: 0011.2200.0401.0001

Neighbour

ID: 0011.2200.0201.0000, Cost: 0

ID: 0011.2200.0401.0000, Cost: 0

Flags: *-Self LSP, +-Self LSP(Extended)

Table 16 Command output

Field	Description
LSP ID	LSP ID: · An asterisk mark (*) suffix indicates that the LSP segment is generated by the default VXLAN IS-IS system on the local device. · A plus sign (+) suffix indicates that the LSP segment is generated by a VXLAN IS-IS virtual system on the local device. · IDs of remote LSPs do not have a suffix.
Sequence number	LSP sequence number.
Holdtime	LSP lifetime (in seconds), which decreases as time goes by.
Length	LSP length.
Overload	Overload bit flag in the LSP: · 1—The bit is set. · 0—The bit is not set.
Source	System ID of the LSP generating device.
Neighbour	Neighbors of the LSP generating device.
ID	System ID of the neighbor.
Cost	Cost of the link between the LSP generating device and its neighbor.
VXLANs: VXLAN ID	VXLAN IDs advertised by the LSP.
MAC addresses	MAC addresses that can be reached through the LSP generating device.
VXLAN ID	VXLAN that contains the MAC address.
Confidence	LSP credibility: · 0—No conflict existed when the MAC entry was created. · 1—The MAC entry conflicts with an existing entry. The entry with a confidence of 0 is more trustworthy than the entry with a confidence of 1.

display vxlan isis peer

Use display vxlan isis peer to display VXLAN IS-IS neighbor information.

Syntax

display vxlan isis peer

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display neighbor information for the VXLAN IS-IS process.

<Sysname> display vxlan isis peer

System ID: 0011.2200.0201

Link interface: Tunnel1

Circuit ID: 0011.2200.0401.0001

State: Up

Hold time: 26s

Neighbour DED priority: 64

Uptime: 00:01:24

Table 17 Command output

Field	Description
System ID	System ID of the VXLAN neighbor.
Link interface	Local VXLAN tunnel interface.
Circuit ID	Link ID.
State	Adjacency state: · Init—Neighbor state is initializing. · Up—Adjacency has been set up. · Down—Adjacency is lost.
Hold time	Adjacency holding timer, decreasing as time goes by. If no hello packet has been received from the neighbor before this timer expires, the device removes the adjacency with the neighbor. If a hello packet is received, the holding timer restarts.
Neighbour DED Priority	DED priority of the neighbor. On each VXLAN tunnel, the VTEP with higher DED priority is elected the DED.
Uptime	The amount of time that the adjacency with the neighbor has lasted.

display vxlan isis remote-mac

Use display vxlan isis remote-mac to display remote MAC reachability information maintained by VXLAN IS-IS.

Syntax

display vxlan isis remote-mac [ [ vxlan-id vxlan-id ] [ count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, the command displays remote MAC reachability information for all VXLAN tunnel interfaces.

Examples

# Display remote MAC reachability information that VXLAN IS-IS has for all VXLAN tunnel interfaces.

<Sysname> display vxlan isis remote-mac

MAC Flags: A-MAC received on an active tunnel interface.

C-MAC conflict with local dynamic MAC.

F-MAC has been flushed to the remote MAC address table.

VXLAN ID: 10

MAC address: 0001-0001-0001

Interface: Tunnel1

Flags: AF

# Display the sum of remote MAC addresses that VXLAN IS-IS has for all VXLAN tunnel interfaces.

<Sysname> display vxlan isis remote-mac count

1 MAC addresses found.

display vxlan isis remote-vxlan

Use display vxlan isis remote-vxlan to display remote VXLAN information.

Syntax

display vxlan isis remote-vxlan [ vxlan-id | count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vxlan-id: Specifies a remote VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, the command displays information about all VXLANs.

Examples

# Display information about all VXLANs.

<Sysname> display vxlan isis remote-vxlan

VXLAN Flags: S-VXLAN supported at the local end

F-Association between VXLAN and Tunnels has been flushed to L2VPN

VXLAN ID: 10000

Flags: FS

Tunnel: 1

<Sysname> display vxlan isis remote-vxlan count

1 remote VXLANs found.

Table 18 Command output

Field	Description
Tunnel	VXLAN tunnels assigned to the VXLAN.
Flags	VXLAN flag: · S—The local end supports the VXLAN. · F—The associations between the VXLAN and tunnels have been flushed to L2VPN. · N/A—The local end does not support the VXLAN.

Field

Description

Tunnel

VXLAN tunnels assigned to the VXLAN.

Flags

VXLAN flag:

· S—The local end supports the VXLAN.

· F—The associations between the VXLAN and tunnels have been flushed to L2VPN.

· N/A—The local end does not support the VXLAN.

display vxlan isis tunnel

Use display vxlan isis tunnel to display VXLAN IS-IS settings on VXLAN tunnel interfaces.

Syntax

display vxlan isis tunnel [ tunnel-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel-number: Specifies a VXLAN tunnel interface by its number. If you do not specify a VXLAN tunnel interface, the command displays VXLAN IS-IS settings on all VXLAN tunnel interfaces.

Examples

# Display VXLAN IS-IS settings on Tunnel 101.

<Sysname> display vxlan isis tunnel 101

Tunnel101

MTU: 1400

DED: Yes

DED priority: 80

Hello timer: 10s

Hello multiplier: 3

CSNP timer: 10s

LSP timer: 100ms

Max LSP transmit number: 5

VXLANs:

1,50,100

Table 19 Command output

Field	Description
MTU	Link MTU of the tunnel.
DED	DED election result: · Yes—The device is a DED in the VXLAN network. · No—The device is not a DED in the VXLAN network.
DED priority	DED priority of the device on the VXLAN tunnel interface.
Hello timer	Sets the interval at which VXLAN IS-IS sends hello packets to maintain the adjacencies with neighbors.
Hello multiplier	Multiplier for calculating the VXLAN IS-IS adjacency holding time. If the Graceful Restart function is disabled, the adjacency hold time equals the VXLAN IS-IS hello interval multiplied by the hello multiplier. If Graceful Restart is enabled, the adjacency hold time equals the restart interval or equals the VXLAN IS-IS hello interval multiplied by the holding-multiplier, whichever is greater. The adjacency hold time is sent to all neighbors. If a neighbor has not received a hello packet from this device before the holding timer expires, it removes the adjacency with this device.
CSNP timer	Sets the interval at which the VTEP sends CSNP packets to advertise LSP summaries for LSDB synchronization. This timer takes effect only if the VTEP is a DED.
LSP timer	Minimum LSP sending interval. The device must wait for this timer to expire before sending LSPs. Together with the maximum number of LSPs setting, this timer reduces the impact of LSP traffic on VXLAN network performance.
Max LSP transmit number	Maximum number of LSPs that can be sent at each interval.
VXLANs	VXLANs on the VXLAN tunnel interface.

graceful-restart

Use graceful-restart to enable Graceful Restart for the VXLAN IS-IS process.

Use undo graceful-restart to disable Graceful Restart for the VXLAN IS-IS process.

Syntax

graceful-restart

undo graceful-restart

Default

Graceful Restart is disabled.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Usage guidelines

Enable Graceful Restart for the peer VXLAN IS-IS processes at two ends of the VXLAN tunnel.

This feature guarantees nonstop forwarding while the peer VXLAN IS-IS process are re-establishing their adjacency after a process restart or active/standby switchover occurs.

Examples

# Enable Graceful Restart for the VXLAN IS-IS process.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] graceful-restart

Related commands

display vxlan isis graceful-restart status

graceful-restart interval

Use graceful-restart interval to set the GR restart interval for VXLAN IS-IS.

Use undo graceful-restart interval to restore the default.

Syntax

graceful-restart interval interval-value

undo graceful-restart interval

Default

The GR restart interval is 300 seconds.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Parameters

interval-value: Specifies a GR restart interval in the range of 30 to 1800 seconds.

Usage guidelines

This command sets the T2 timer to control the maximum amount of time for LSDB synchronization during a restart.

The device advertises the T2 timer as the adjacency hold time to its neighbor during a GR process.

Before the timer expires, the neighbor maintains the adjacency with the device. If the device fails to complete the restart before this timer expires, the neighbor removes the adjacency. The GR process fails.

Examples

# Set the GR restart interval to 120 seconds for the VXLAN IS-IS process.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] graceful-restart interval 120

Related commands

display vxlan isis graceful-restart status

log-peer-change enable

Use log-peer-change enable to enable VXLAN IS-IS adjacency change logging.

Use undo log-peer-change enable to disable outputting VXLAN IS-IS adjacency change log.

Syntax

log-peer-change enable

undo log-peer-change enable

Default

VXLAN IS-IS adjacency change logging is enabled.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Usage guidelines

Adjacency change logging enables the VXLAN IS-IS process to send a log message to the information center when an adjacency change occurs. With the information center, you can set log message filtering and output rules, including output destinations. For more information about using the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Disable adjacency change logging for the VXLAN IS-IS process.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] log-peer-change enable

mac-synchronization enable

Use mac-synchronization enable to enable MAC reachability information advertisement through VXLAN IS-IS.

Use undo mac-synchronization enable to restore the default.

Syntax

mac-synchronization enable

undo mac-synchronization enable

Default

VXLAN IS-IS does not advertise MAC reachability information between VTEPs.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Usage guidelines

This command enables the VTEP to advertise and receive MAC reachability information through VXLAN IS-IS.

Examples

# Enable MAC advertisement through VXLAN IS-IS.

<Sysname> reset VXLAN arp-suppression interface tunnel 101

This will delete all entries under the specified interface. Continue? [Y/N]:y

negotiate-vni enable

Use negotiate-vni enable to enable VXLAN autonegotiation through VXLAN IS-IS.

Use undo negotiate-vni enable to restore the default.

Syntax

negotiate-vni enable

undo negotiate-vni enable

Default

VXLAN autonegotiation is disabled. VXLAN IS-IS does not advertise VXLAN IDs between VTEPs.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Usage guidelines

To automatically assign VXLAN tunnels to VXLANs, enable VXLAN autonegotiation on all VTEPs.

VXLAN autonegotiation enables the VTEPs to advertise local VXLAN IDs through VXLAN IS-IS. Two VTEPs assign the VXLAN tunnel between them to a VXLAN if both of them have the VXLAN ID.

Examples

# Enable VXLAN autonegotiation through VXLAN IS-IS.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] negotiate-vni enable

overlay isis ded-priority

Use overlay isis ded-priority to change the DED priority of the VTEP on a VXLAN tunnel interface.

Use undo overlay isis ded-priority to restore the default DED priority.

Syntax

overlay isis ded-priority value

undo overlay isis ded-priority

Default

The DED priority value is 64.

Views

VXLAN tunnel interface view, NVE tunnel interface view

Predefined user roles

network-admin

Parameters

value: Specifies a DED priority value in the range of 0 to 127.

Usage guidelines

On each VXLAN tunnel, the VTEP with higher DED priority is elected the DED to send CSNP packets periodically for LSDB synchronization. If the VTEPs have the same DED priority, the one with the higher MAC address is elected.

Examples

# Set the DED priority value of Tunnel 101 to 2.

<Sysname> system-view

[Sysname] interface tunnel 101

[Sysname-tunnel101] overlay isis ded-priority 2

Related commands

display vxlan isis tunnel

overlay isis timer csnp

Use overlay isis timer csnp to set the CSNP interval.

Use undo overlay isis timer csnp to restore the default.

Syntax

overlay isis timer csnp seconds

undo overlay isis timer csnp

Default

The CSNP interval is 10 seconds.

Views

VXLAN tunnel interface view, NVE tunnel interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies an interval in the range of 1 to 600 seconds.

Usage guidelines

The setting takes effect only if the VTEP is the DED on the tunnel.

The DED sends CSNP packets at the specified interval to advertise LSP summaries to the remote VTEP for LSDB synchronization.

Examples

# Set the CSNP interval to 15 seconds on Tunnel 101.

<Sysname> system-view

[Sysname] interface tunnel 101

[Sysname-tunnel101] overlay isis timer csnp 15

Related commands

display vxlan isis tunnel

overlay isis timer hello

Use overlay isis timer hello to set the VXLAN IS-IS hello interval.

Use undo overlay isis timer hello to restore the default.

Syntax

overlay isis timer hello seconds

undo overlay isis timer hello

Default

The VXLAN IS-IS hello interval is 10 seconds.

Views

VXLAN tunnel interface view, NVE tunnel interface view

Predefined user roles

network-admin

Parameters

seconds: Specifies an interval in the range of 3 to 255 seconds.

Usage guidelines

A short interval increases the speed of network convergence but requires more system resources.

If the VTEP is a DED, its hello interval is one-third of the hello interval set with this command.

Examples

# Set the VXLAN IS-IS hello interval to 6 seconds on Tunnel 101.

<Sysname> system-view

[Sysname] interface tunnel 101

[Sysname-tunnel101] overlay isis timer hello 6

Related commands

display vxlan isis tunnel

overlay isis timer holding-multiplier

Use overlay isis timer holding-multiplier to set the hello multiplier for calculating the VXLAN IS-IS adjacency hold time.

Use undo overlay isis timer holding-multiplier to restore the default.

Syntax

overlay isis timer holding-multiplier value

undo overlay isis timer holding-multiplier

Default

The multiplier is 3 for calculating the VXLAN IS-IS adjacency hold time.

Views

VXLAN tunnel interface view, NVE tunnel interface view

Predefined user roles

network-admin

Parameters

value: Specifies a multiplier in the range of 3 to 1000.

Usage guidelines

Adjacency hold time sets the amount of time that the remote VTEPs can retain the adjacency with the local VTEP before an adjacency update.

· If Graceful Restart is disabled, the adjacency hold time equals the VXLAN IS-IS hello interval multiplied by the hello multiplier.

· If Graceful Restart is enabled, the adjacency hold time equals the restart interval or the VXLAN IS-IS hello interval multiplied by the hello multiplier, whichever is greater.

VTEPs send their adjacency hold time in hello packets to update the adjacencies with their neighbors. A VTEP removes the adjacency with a neighbor if it does not receive a hello packet from the neighbor before the timer expires.

The maximum adjacency hold time is 65535 seconds. If this value is exceeded, the actual adjacency hold time is set to 65535 seconds.

Examples

# Set the hello multiplier to 6 for calculating the VXLAN IS-IS adjacency hold time.

<Sysname> system-view

[Sysname] interface tunnel 101 mode overlay

[Sysname-tunnel101] overlay isis timer holding-multiplier 6

Related commands

overlay isis timer hello

overlay isis timer lsp

Use overlay isis timer lsp to set the minimum LSP sending interval and the maximum number of LSPs that can be sent at each interval.

Use undo overlay isis timer lsp to restore the default.

Syntax

overlay isis timer lsp time [ count count ]

undo overlay isis timer lsp

Default

The minimum LSP sending interval is 100 milliseconds. A maximum of five LSPs can be sent at each interval.

Views

VXLAN tunnel interface view, NVE tunnel interface view

Predefined user roles

network-admin

Parameters

time: Specifies the minimum LSP sending interval, a multiple of 100 in the range of 100 to 1000 milliseconds.

count count: Specifies the maximum number of LSP segments that can be sent at each interval. The value range is 1 to 1000.

Usage guidelines

The VTEP generates an LSP update when any LSDB content changes. For example, a MAC address is removed or added.

Use this command to control the amount of LSP segments that the VTEP sends out. To decrease the amount of LSP segments, increase the interval and decreases the maximum number of LSP segments sent at each interval.

Examples

# Set the minimum LSP sending interval to 500 ms.

<Sysname> system-view

[Sysname] interface tunnel 101

[Sysname-tunnel101] overlay isis timer lsp 500

Related commands

display vxlan isis brief

reserved vxlan

Use reserved vxlan to specify a VXLAN for the VTEP to exchange VXLAN IS-IS packets with other VTEPs.

Use undo reserved vxlan to restore the default.

Syntax

reserved vxlan vxlan-id

undo reserved vxlan

Default

No VXLAN has been reserved.

Views

System view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 1 to 16777215.

Usage guidelines

You can specify only one reserved VXLAN on the VTEP. All VSIs on the VTEP use the reserved VXLAN to send and receive VXLAN IS-IS packets.

To exchange VXLAN IS-IS packets, two VTEPs must use the same reserved VXLAN.

The reserved VXLAN cannot be the VXLAN created on any VSI.

Examples

# Specify VXLAN 10000 as the reserved VXLAN for VXLAN IS-IS.

<Sysname> system-view

[Sysname] reserved vxlan 10000

reset vxlan isis

Use reset vxlan isis to clear dynamic VXLAN IS-IS data.

Syntax

reset vxlan isis

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command clears data on the VXLAN IS-IS process, including neighbor information, local and remote MAC reachability information, VXLAN IDs, and the LSDB.

Examples

# Clear dynamic data of the VXLAN IS-IS process.

<Sysname> reset vxlan isis

timer lsp-max-age

Use timer lsp-max-age to specify the maximum lifetime of LSPs generated by the VTEP.

Use undo timer lsp-max-age to restore the default.

Syntax

timer lsp-max-age seconds

undo timer lsp-max-age

Default

The maximum LSP lifetime is 1200 seconds.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Parameters

seconds: Specifies the maximum LSP lifetime in the range of 3 to 65535 seconds.

Usage guidelines

This command specifies the maximum amount of time an LSP generated by the local VXLAN IS-IS process can be valid in an LSDB. When the timer decreases to zero, the LSP is removed from the LSDB.

Examples

# Set the maximum LSP lifetime to 25 minutes (1500 seconds) on the VXLAN IS-IS process.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] timer lsp-max-age 1500

Related commands

display vxlan isis brief

timer lsp-refresh

Use timer lsp-refresh to specify the LSP refresh interval.

Use undo timer lsp-refresh to restore the default.

Syntax

timer lsp-refresh seconds

undo timer lsp-refresh

Default

The LSP refresh interval is 900 seconds.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Parameters

seconds: Specifies the LSP refresh interval in the range of 1 to 65534 seconds.

Usage guidelines

Each VTEP updates the LSPs that they generated at the LSP refresh interval to maintain LSDB consistency across the VXLAN network.

To avoid unnecessary LSP age-outs at remote VTEPs, make sure the LSP refresh interval is shorter than the LSP lifetime.

Examples

# Set the LSP refresh interval to 1500 seconds.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] timer lsp-refresh 1500

Related commands

· display vxlan isis brief

· timer lsp-max-age

virtual-system

Use virtual-system to create a VXLAN IS-IS virtual system.

Use undo virtual-system to delete a VXLAN IS-IS virtual system.

Syntax

virtual-system systemid

undo virtual-system systemid

Default

No VXLAN IS-IS virtual systems exist.

Views

VXLAN IS-IS view

Predefined user roles

network-admin

Parameters

systemid: Specifies a virtual system ID in the XXXX.XXXX.XXXX format. Each X represents a hexadecimal digit.

Usage guidelines

The virtual system ID must be unique in the network.

The VXLAN IS-IS process sends all local MAC reachability information in one LSP. By default, an LSP can convey a maximum of 55 x 2¹⁰ MAC address entries.

To increase this number to include all local MAC address entries, create virtual systems. Each virtual system represents an increase of 55 x 2¹⁰ MAC address entries.

Examples

# Create the virtual system 0001.0001.0001.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis] virtual-system 0001.0001.0001

Related commands

display vxlan isis brief

vxlan-isis

Use vxlan-isis to create a VXLAN IS-IS process or enter VXLAN IS-IS view.

Use undo vxlan-isis to delete the VXLAN IS-IS process.

Syntax

vxlan-isis

undo vxlan-isis

Default

The VXLAN IS-IS process does not exist.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You can create only one VXLAN IS-IS process.

All settings configured in VXLAN IS-IS view are removed if you delete the VXLAN IS-IS process.

Examples

# Enter VXLAN IS-IS process view.

<Sysname> system-view

[Sysname] vxlan-isis

[Sysname-vxlan-isis]

Related commands

display vxlan isis brief

OVSDB commands

ovsdb server ca-certificate

Use ovsdb server ca-certificate to specify a CA certificate file for SSL.

Use undo ovsdb server ca-certificate to remove the CA certificate file setting for SSL.

Syntax

ovsdb server ca-certificate ca-filename [ bootstrap ]

undo ovsdb server ca-certificate

Default

No CA certificate file is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ca-filename: Specifies the CA certificate file name, a case-insensitive string. The file name cannot contain the slot string.

bootstrap: Obtains a CA certificate file from the controller if the specified CA certificate file does not exist. The obtained file will be stored under the path specified for the ca-filename argument.

Usage guidelines

You must specify a CA certificate file for establishing active or passive OVSDB SSL connections.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Specify a CA certificate file for SSL.

<Sysname> system-view

[Sysname] ovsdb server ca-certificate flash:/vswitchd.cacert bootstrap

ovsdb server certificate

Use ovsdb server certificate to specify a certificate file for SSL.

Use undo ovsdb server certificate to remove the certificate file setting for SSL.

Syntax

ovsdb server certificate cert-filename

undo ovsdb server certificate

Default

No certificate file is specified.

Views

System view

Predefined user roles

network-admin

Parameters

cert-filename: Specifies the certificate file name, a case-insensitive string. The file name cannot contain the slot string.

Usage guidelines

You must specify a certificate file for establishing active or passive OVSDB SSL connections.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Specify a certificate file for SSL.

<Sysname> system-view

[Sysname] ovsdb server certificate flash:/ovsclient-cert.pem

ovsdb server enable

Use ovsdb server enable to enable the OVSDB server.

Use undo ovsdb server enable to disable the OVSDB server.

Syntax

ovsdb server enable

undo ovsdb server enable

Default

The OVSDB server is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Before you enable the OVSDB server, you must establish an OVSDB SSL or TCP connection with a minimum of one controller.

Examples

# Enable the OVSDB server.

<Sysname> system-view

[Sysname] ovsdb server enable

ovsdb server private-key

Use ovsdb server private-key to specify a key file for SSL.

Use undo ovsdb private-key to remove the key file setting for SSL.

Syntax

ovsdb server private-key key-filename

undo ovsdb server private-key

Default

No key file is specified.

Views

System view

Predefined user roles

network-admin

Parameters

key-filename: Specifies the key file name, a case-insensitive string. The file name cannot contain the slot string.

Usage guidelines

You must specify a key file for establishing active or passive OVSDB SSL connections.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Specify a key file for SSL.

<Sysname> system-view

[Sysname] ovsdb server private-key flash:/ovsclient-privkey.pem

ovsdb server pssl

Use ovsdb server pssl to enable the device to listen for OVSDB SSL connection requests.

Use undo ovsdb server pssl to disable the device to listen for OVSDB SSL connection requests.

Syntax

ovsdb server pssl port [ port-number ]

undo ovsdb server pssl

Default

The device does not listen for OVSDB SSL connection requests.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port on which the device listens for OVSDB SSL connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the default port number 6640.

Usage guidelines

The device can listen for OVSDB SSL connection requests on only one port. If you execute this command multiple times, the most recent configuration takes effect.

Before you use this command, specify a key file, certificate file, and CA certificate file for SSL.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Enable the device to listen for OVSDB SSL connection requests on port 6632.

<Sysname> system-view

[Sysname] ovsdb server pssl port 6632

ovsdb server ptcp

Use ovsdb server ptcp to enable the device to listen for OVSDB TCP connection requests.

Use undo ovsdb server ptcp to disable the device to listen for OVSDB TCP connection requests.

Syntax

ovsdb server ptcp port [ port-number ]

undo ovsdb server ptcp

Default

The device does not listen for TCP connection requests.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port on which the device listens for TCP connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the default port number 6640.

Usage guidelines

The device can listen for TCP connection requests on only one port. If you execute this command multiple times, the most recent configuration takes effect.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Enable the device to listen for TCP connection requests on port 6632.

<Sysname> system-view

[Sysname] ovsdb server ptcp port 6632

ovsdb server ssl

Use ovsdb server ssl to establish an active OVSDB SSL connection to a controller.

Use undo ovsdb server ssl to remove the OVSDB SSL connection to a controller.

Syntax

ovsdb server ssl ipv4-address port port-number

undo ovsdb server ssl ipv4-address port port-number

Default

The device does not have active SSL connections.

Views

System view

Predefined user roles

network-admin

Parameters

ssl ipv4-address: Specifies the destination IPv4 address for the SSL connection.

port port-number: Specifies the destination port for the SSL connection. The value range for the port-number argument is 1 to 65535.

Usage guidelines

Before you use this command, specify a key file, certificate file, and CA certificate file for SSL.

The device can have a maximum of eight active SSL connections. All the SSL connections use the same key file, certificate file, and CA certificate file.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Establish an SSL connection to port 6632 at 10.0.2.15.

<Sysname> system-view

[Sysname] ovsdb server ssl 10.0.2.15 port 6632

ovsdb server tcp

Use ovsdb server tcp to establish an active OVSDB TCP connection to a controller.

Use undo ovsdb server tcp to remove the OVSDB TCP connection to a controller.

Syntax

ovsdb server tcp ipv4-address port port-number

undo ovsdb server tcp ipv4-address port port-number

Default

The device does not have active TCP connections.

Views

System view

Predefined user roles

network-admin

Parameters

tcp ipv4-address: Specifies the destination IPv4 address for the TCP connection.

port port-number: Specifies the destination port for the TCP connection. The value range for the port-number argument is 1 to 65535.

Usage guidelines

The device can have a maximum of eight active OVSDB TCP connections.

This command takes effect after you execute the ovsdb server enable command.

Examples

# Establish an active OVSDB TCP connection to port 6632 at 10.0.2.15.

<Sysname> system-view

[Sysname] ovsdb server tcp 10.0.2.15 port 6632

vtep access port

Use vtep access port to specify a site-facing interface as a VTEP access port.

Use undo vtep access port to restore the default.

Syntax

vtep access port

undo vtep access port

Default

An interface is not a VTEP access port.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

For the controller to manage a site-facing interface, you must specify the interface as a VTEP access port.

Examples

# Specify FortyGigE 1/1/1 as a VTEP access port.

<Sysname> system-view

[Sysname] interface fortygige 1/1/1

[Sysname-FortyGigE1/1/1] vtep access port

vtep enable

Use vtep enable to enable VTEP mode.

Use undo vtep enable to disable VTEP mode.

Syntax

vtep enable

undo vtep enable

Default

VTEP mode is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable VTEP mode for the device to exchange information with the controller for VXLAN configuration.

Examples

# Enable VTEP mode.

<Sysname> system-view

[Sysname] vtep enable

vxlan tunnel service node

Use vxlan tunnel service node to enable flood proxy on multicast VXLAN tunnels.

Use undo vxlan tunnel service node to disable flood proxy on multicast VXLAN tunnels.

Syntax

vxlan tunnel service node

undo vxlan tunnel service node

Default

Flood proxy is disabled on multicast VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable flood proxy globally on multicast tunnels if you use a flood proxy server.

The VTEP sends broadcast, multicast, and unknown unicast traffic for a VXLAN to the flood proxy server through its multicast tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs.

Examples

# Enable flood proxy on all multicast VXLAN tunnels.

<Sysname> system-view

[Sysname] vxlan tunnel service node

16 VXLAN Command Reference

VXLAN commands

arp suppression enable

display arp suppression vsi

flooding disable

group

mac-address static

tunnel

vtep group member remote

vxlan invalid-vlan-tag discard

vxlan local-mac report

vxlan tunnel mac-learning disable

display vxlan isis local-mac

display vxlan isis peer

display vxlan isis remote-mac

timer lsp-max-age

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us