17-VXLAN Command Reference

HomeSupportResource CenterReference GuidesCommand ReferencesH3C S12500-X & S12500X-AF Switch Series Command References-Release 113x-6W10117-VXLAN Command Reference
Table of Contents
Related Documents
01-Text
Title Size Download
01-Text 297.40 KB

Contents

VXLAN commands· 1

Basic VXLAN commands· 1

arp suppression enable· 1

description· 2

destination· 2

display arp suppression vsi 3

display igmp host group· 4

display l2vpn mac-address· 6

display l2vpn service-instance· 7

display l2vpn vsi 10

display interface tunnel 13

display statistic mode· 14

display vxlan tunnel 15

encapsulation· 16

flooding disable· 17

interface tunnel 18

group· 19

hardware-resource vxlan· 20

igmp host enable· 21

l2vpn enable· 21

mac-address static· 22

reset arp suppression vsi 23

reset l2vpn mac-address· 23

reset l2vpn statistics ac· 24

reset l2vpn statistics vsi 24

selective-flooding mac-address· 25

service-instance· 26

shutdown· 26

source· 27

statistic mode· 28

statistics enable (Ethernet service instance view) 29

statistics enable (VSI view) 29

tunnel 30

tunnel global source-address· 31

vsi 32

vxlan· 32

vxlan invalid-udp-checksum discard· 33

vxlan invalid-vlan-tag discard· 34

vxlan ip-forwarding· 34

vxlan local-mac report 35

vxlan tunnel arp-learning disable· 36

vxlan tunnel mac-learning disable· 37

vxlan udp-port 37

xconnect vsi 38

VXLAN IP gateway commands· 39

arp send-rate· 39

bandwidth· 40

default 40

description· 41

display interface vsi-interface· 42

gateway vsi-interface· 45

interface vsi-interface· 45

mtu· 46

reset counters interface vsi-interface· 46

shutdown· 47

vtep group member local 47

vtep group member remote· 48

OVSDB commands· 49

ovsdb server bootstrap ca-certificate· 49

ovsdb server enable· 50

ovsdb server pki domain· 50

ovsdb server pssl 51

ovsdb server ptcp· 52

ovsdb server ssl 53

ovsdb server tcp· 54

vtep access port 54

vtep enable· 55

vxlan tunnel service node· 55

Index· 57


VXLAN commands

Only FC, FE, and FX cards support VXLANs.

FC cards cannot provide VXLAN IP gateway services.

An FE or FX card cannot connect to a user site if it acts as a centralized VXLAN IP gateway.

Before you can configure VXLANs, you must perform the following tasks:

·     Set the system operation mode:

a.     Set the system operating mode to standard by using the system-working-mode standard command.

b.     Save the configuration.

c.     Delete the binary .mdb next-startup configuration file.

d.     Reboot the device.

·     Reserve one global-type VLAN interface resource for the VSI interface of each VXLAN before the VXLAN is created if you enable Layer 3 forwarding for VXLANs. For more information about reserving global-type VLAN interface resources, see VLAN configuration in Layer 2—LAN Switching Configuration Guide.

For more information about setting the system operating mode, see device management in Fundamentals Configuration Guide.

Basic VXLAN commands

arp suppression enable

Use arp suppression enable to enable ARP flood suppression.

Use undo arp suppression enable to restore the default.

Syntax

arp suppression enable

undo arp suppression enable

Default

ARP flood suppression is disabled.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.

This feature snoops ARP packets to populate the ARP flood suppression table for local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.

Examples

# Enable ARP flood suppression for the VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable

Related commands

·     display arp suppression vsi

·     reset arp suppression vsi

description

Use description to configure a description for a VSI.

Use undo description to delete the description of a VSI.

Syntax

description text

undo description

Default

A VSI does not have a description.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies the VSI description, a case-sensitive string of 1 to 80 characters.

Examples

# Configure a description for the VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] description vsi for vpn1

Related commands

display l2vpn vsi

destination

Use destination to specify the destination address of a tunnel.

Use undo destination to remove the destination address of a tunnel.

Syntax

destination ipv4-address

undo destination

Default

No destination address is specified for a tunnel.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies an IPv4 address.

Examples

# Specify the source address 193.101.1.1 and destination address 192.100.1.1 for Tunnel 1 on Sysname 1.

<Sysname1> system-view

[Sysname1] interface tunnel 1 mode vxlan

[Sysname1-Tunnel1] source 193.101.1.1

[Sysname1-Tunnel1] destination 192.100.1.1

# Specify the source address 192.100.1.1 and destination address 193.101.1.1 for Tunnel 1 on Sysname 2.

<Sysname2> system-view

[Sysname2] interface tunnel 1 mode vxlan

[Sysname2-Tunnel1] source 192.100.1.1

[Sysname2-Tunnel1] destination 193.101.1.1

Related commands

·     interface tunnel

·     source

display arp suppression vsi

Use display arp suppression vsi to display ARP flood suppression entries.

Syntax

In standalone mode:

display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

In IRF mode:

display arp suppression vsi [ name vsi-name ] [ chassis chassis-number slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name vsi-name: Specifies a VSI by its name. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the IRF member ID. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on the global active MPU. (In IRF mode.)

count: Displays the number of ARP flood suppression entries that match this command.

Examples

# (In standalone mode.) Display the ARP flood suppression entries on the active MPU.

<Sysname> display arp suppression vsi

IP address   MAC address    Vsi Name Link ID    Aging

1.1.1.2      000f-e201-0101 vsi1     0x70000    14

1.1.1.3      000f-e201-0202 vsi1     0x80000    18

1.1.1.4      000f-e201-0203 vsi2     0x90000    10

# (In standalone mode.) Display the number of ARP flood suppression entries on the active MPU.

<Sysname> display arp suppression vsi count

Total entries: 3

# (In IRF mode.) Display the ARP flood suppression entries on the global active MPU.

<Sysname> display arp suppression vsi

IP address   MAC address    Vsi Name Link ID    Aging

1.1.1.2      000f-e201-0101 vsi1     0x70000    14

1.1.1.3      000f-e201-0202 vsi1     0x80000    18

1.1.1.4      000f-e201-0203 vsi2     0x90000    10

# (In IRF mode.) Display the number of ARP flood suppression entries on the global active MPU.

<Sysname> display arp suppression vsi count

Total entries: 3

Table 1 Command output

Field

Description

Link ID

Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

Aging

Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted.

 

Related commands

·     arp suppression enable

·     reset arp suppression vsi

display igmp host group

Use display igmp host group to display information about the multicast groups that contain IGMP host-enabled interfaces.

Syntax

display igmp host group [ group-address | interface interface-type interface-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-address: Specifies a multicast group address. The value range is 224.0.1.0 to 239.255.255.255. If you do not specify a multicast group, this command displays information about all multicast groups.

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays multicast group information for all interfaces.

verbose: Displays detailed multicast group information. If you do not specify this keyword, the command displays brief multicast group information.

Usage guidelines

For the VXLAN multicast source interface of a multicast-mode VXLAN to join its VXLAN multicast group, you must enable the IGMP host feature on the interface. The VXLAN multicast source interface provides the source IP address for multicast VXLAN packets.

Use this command to verify the following information:

·     Multicast group information for VXLANs.

·     Group membership status of VXLAN multicast source interfaces.

Examples

# Display brief information about all multicast groups that contain IGMP host-enabled interfaces.

<Sysname> display igmp host group

IGMP host groups in total: 2

 Vlan-interface10(1.1.1.20):

  IGMP host groups in total: 2

   Group address      Member state      Expires

   225.1.1.1          Idle              Off

   225.1.1.2          Idle              Off

# Display detailed information about all multicast groups that contain IGMP host-enabled interfaces.

<Sysname> display igmp host group verbose

 Vlan-interface10(1.1.1.20):

  IGMP host groups in total: 2

   Group: 225.1.1.1

     Group mode: Exclude

     Member state: Idle

     Expires: Off

     Source list (sources in total: 0):

   Group: 225.1.1.2

     Group mode: Exclude

     Member state: Idle

     Expires: Off

     Source list (sources in total: 0):

Table 2 Command output

Field

Description

IGMP host groups in total

Total number of multicast groups that contain IGMP host-enabled interfaces.

Vlan-interface10(1.1.1.20)

Name and IP address of the IGMP host-enabled interface.

IGMP host groups in total

Total number of multicast groups on the interface.

Group address/Group

Address of the multicast group.

Member state

Member state:

·     Delay—The interface has joined the multicast group, and it has started the delay timer for sending IGMP reports.

·     Idle—The interface has joined the multicast group, but it has not started the delay timer for sending IGMP reports.

The delay timer is not user configurable.

Expires

Remaining delay time for the interface to send an IGMP report.

This field displays Off if the delay timer is disabled.

Group mode

Multicast source filtering mode:

·     Include.

·     Exclude.

Source list

Multicast sources of the multicast group.

sources in total

Total number of multicast sources.

 

 

NOTE:

For more information about the command output, see IGMP in IP Multicast Configuration Guide.

 

Related commands

igmp host enable

display l2vpn mac-address

Use display l2vpn mac-address to display MAC address entries for VSIs.

Syntax

display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.

dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries. The MAC address entries include dynamic remote- and local-MAC entries, manually added static remote-MAC entries, and remote-MAC entries issued through OpenFlow. VXLAN does not support static local-MAC entries.

count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.

Examples

# Display MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address

MAC Address      State    VSI Name                        Link ID/Name  Aging

0000-0000-000a   Dynamic  vpn1                            1             Aging

0000-0000-000b   Static   vpn1                            Tunnel10      NotAging

0000-0000-000c   Dynamic  vpn1                            Tunnel60      Aging

0000-0000-000d   Dynamic  vpn1                            Tunnel99      Aging

--- 4 mac address(es) found  ---

# Display the total number of MAC address entries in all VSIs.

<Sysname> display l2vpn mac-address count

4 mac address(es) found

Table 3 Command output

Field

Description

State

Entry state.

For Release 1135:

·     dynamic—Local- or remote-MAC entry dynamically learned in the data plane.

·     static—Manually added static remote-MAC entry.

·     openflow—Remote-MAC entry issued by a remote controller through OpenFlow.

For Release 1138P01 and later versions:

·     Dynamic—Local- or remote-MAC entry dynamically learned in the data plane.

·     Static—Manually added static remote-MAC entry.

·     OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow.

The Aging field displays NotAging for static entries and OpenFlow entries.

Link ID/Name

For a local MAC address, this field displays the AC's link ID on the VSI.

For a remote MAC address, this field displays the tunnel name.

Aging

Entry aging state:

·     Aging.

·     NotAging.

 

Related commands

reset l2vpn mac-address

display l2vpn service-instance

Use display l2vpn service-instance to display information about Ethernet service instances.

Syntax

display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.

service-instance instance-id: Specifies an Ethernet service instance by its ID, in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified interface.

verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.

Examples

# Display brief information about all Ethernet service instances.

<Sysname> display l2vpn service-instance

Total number of service-instances: 4, 4 up, 0 down

Total number of ACs: 4, 4 up, 0 down

 

Interface                SrvID Owner                           LinkID State Type

FGE1/0/3                 1     vsi10                           1      Up    VSI

FGE1/0/3                 2     vsi11                           1      Up    VSI

FGE1/0/3                 3     vsi12                           1      Up    VSI

FGE1/0/3                 4     vsi13                           1      Up    VSI

Table 4 Command output

Field

Description

Total number of ACs

Total number of attachment circuits (ACs) and the number of ACs in each state (up or down).

Interface

Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.

SrvID

Ethernet service instance ID.

Owner

VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI.

LinkID

Ethernet service instance's link ID on the VSI.

State

Ethernet service instance state:

·     Up.

·     Down.

Type

L2VPN type of the Ethernet service instance:

·     VSI.

·     VPWS.

 

# Display detailed information about all Ethernet service instances on FortyGigE 1/0/3.

<Sysname> display l2vpn service-instance interface fortygige 1/0/3 verbose

Interface: FGE1/0/3

  Service Instance: 1

    Encapsulation : s-vid 16

    VSI Name      : vsi10

    Link ID       : 1

    State         : Up

    Statistics    : Enabled

    Input Statistics:

      Octets   :0

      Packets  :0

    Output Statistics:

      Octets   :0

      Packets  :0

  Service Instance: 2

    Encapsulation : s-vid 1001

                    only-tagged

    VSI Name      : vsi11

    Link ID       : 1

    State         : Up

    Statistics    : Disabled

  Service Instance: 3

    Encapsulation : s-vid 2000

                    c-vid 1016

    VSI Name      : vsi12

    Link ID       : 1

    State         : Up

    Statistics    : Disabled

Table 5 Command output

Field

Description

Interface

Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.

Service Instance

Ethernet service instance ID.

Encapsulation

Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain any match criterion, the command does not display this field.

Link ID

Ethernet service instance's link ID on the VSI.

State

Ethernet service instance state:

·     Up.

·     Down.

Statistics

Packet statistics state:

·     Enabled—The packet statistics feature is enabled for the Ethernet service instance.

·     Disabled—The packet statistics feature is disabled for the Ethernet service instance.

This field is available in Release 1138P01 and later versions.

Input Statistics

Incoming traffic statistics:

·     Octets—Number of incoming bytes.

·     Packets—Number of incoming packets.

This field is available in Release 1138P01 and later versions.

Output Statistics

Outgoing traffic statistics:

·     Octets—Number of outgoing bytes.

·     Packets—Number of outgoing packets.

This field is available in Release 1138P01 and later versions.

 

Related commands

service-instance

display l2vpn vsi

Use display l2vpn vsi to display information about VSIs.

Syntax

display l2vpn vsi [ name vsi-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.

verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.

Examples

# Display brief information about all VSIs.

<Sysname> display l2vpn vsi

Total number of VSIs: 1, 1 up, 0 down, 0 admin down

 

VSI Name                        VSI Index       MTU    State

vpna                            0               1500   Up

# Display detailed information about all VSIs.

<Sysname> display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Enabled

  Input statistics:

    Octets   : 0

    Packets  : 0

    Errors   : 0

    Discards : 0

  Output statistics:

    Octets   : 0

    Packets  : 0

    Errors   : 0

    Discards : 0

  Gateway Interface       : VSI-interface 100

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flooding proxy

    Tunnel1              0x5000001  Up       Manual      Disabled

    Tunnel2              0x5000002  Up       Manual      Disabled

    MTunnel0             0x6002710  Up       Auto        Disabled

  ACs:

    AC                               Link ID    State

    FGE1/0/1 srv1000                 0          Up

Table 6 Command output

Field

Description

VSI Description

Description of the VSI. If the VSI does not have a description, the command does not display this field.

VSI State

VSI state:

·     Up—The VSI is up. A VSI is up only when its VXLAN has an up VXLAN tunnel and an up AC.

·     Down—The VSI is down.

·     Administratively downThe VSI has been manually shut down by using the shutdown command.

MTU

MTU on the VSI.

Bandwidth

Maximum bandwidth in kbps on the VSI.

Broadcast Restrain

Broadcast restraint ratio.

Multicast Restrain

Multicast restraint ratio.

Unknown Unicast Restrain

Unknown unicast restraint ratio.

MAC Learning

State of the MAC learning function.

MAC Table Limit

Maximum number of MAC address entries on the VSI.

Drop Unknown

Action on source MAC-unknown frames received after the maximum number of MAC entries is reached.

Hub-Spoke

State of the hub-spoke function.

Flooding

State of the VSI's flooding function:

·     Enabled—Flooding is enabled on the VSI. The VTEP floods unknown unicast frames to both local and remote sites.

·     Disabled—Flooding is disabled on the VSI. The VTEP floods unknown unicast frames only to local sites.

Statistics

Packet statistics state:

·     Enabled—Packet statistics is enabled for the VSI.

·     DisabledPacket statistics is disabled for the VSI.

Input statistics

Incoming traffic statistics:

·     Octets—Number of incoming bytes.

·     Packets—Number of incoming packets.

·     Errors—Number of error packets.

·     Discards—Number of discarded packets.

Output statistics

Outgoing traffic statistics:

·     Octets—Number of outgoing bytes.

·     Packets—Number of outgoing packets.

·     Errors—Number of error packets.

·     Discards—Number of discarded packets.

Gateway Interface

VSI interface name.

Tunnels

Information about the VXLAN tunnels assigned to the VXLAN.

Link ID

Tunnel's link ID on the VSI.

State

Tunnel state:

·     Up—The tunnel is operating correctly.

·     Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. This value is available in Release 1138P01 and later versions.

·     Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. This value is available in Release 1138P01 and later versions.

·     Down—The tunnel interface is down.

Type

Tunnel assignment method:

·     Auto—The tunnel was automatically assigned to the VXLAN. For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic.

·     Manual—The tunnel was manually assigned to the VXLAN.

Flooding proxy

Flood proxy state:

·     EnabledFlood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs.

·     DisabledFlood proxy is disabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to remote VTEPs by using the unicast or multicast mode.

This field is available in Release 1138P01 and later versions.

ACs

ACs that are bound to the VSI.

Link ID

AC's link ID on the VSI.

State

AC state:

·     Up.

·     Down.

 

display interface tunnel

Use display interface tunnel to display information about tunnel interfaces.

Syntax

display interface [ tunnel [ number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

tunnel [ number ]: Specifies tunnel interfaces. If you specify a tunnel interface number, this command displays information about the specified interface. If you specify only the tunnel keyword, this command displays information about all tunnel interfaces. If you do not specify the tunnel [ interface-number ] option, this command displays information about all interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.

down: Displays interfaces that are physically down as well as the down reason. If you do not specify this keyword, the command does not filter output by physical interface state.

Examples

# Display detailed information about Tunnel 1.

<Sysname> display interface tunnel 1

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Table 7 Command output

Field

Description

Current state

State of the tunnel interface:

·     Administratively DOWN—The interface has been shut down by using the shutdown command.

·     DOWN—The interface is administratively up, but its physical state is down.

·     DOWN (Tunnel-Bundle administratively down)—The tunnel bundle interface to which the interface belongs has been shut down by using the shutdown command.

·     UP—The interface is both administratively and physically up.

Line protocol state

Data link layer protocol state of the tunnel interface:

·     UP—The data link layer protocol is up.

·     UP (spoofing)The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is available for null interfaces and loopback interfaces.

·     DOWN—The data link layer protocol is down.

Description

Description of the tunnel interface.

Bandwidth

Expected bandwidth of the tunnel interface.

Maximum transmission unit

MTU of the tunnel interface.

Internet Address

IP address of the tunnel interface:

·     If the tunnel interface is assigned an IP address, this field displays the IP address. Primary indicates that the address is the primary IP address.

·     If the tunnel interface is not assigned an IP address, this field changes to Internet protocol processing: disabled. The tunnel interface cannot process IP packets.

Last clearing of counters

Last time when the interface statistics were cleared.

Tunnel source

Source address or source interface of the tunnel:

·     If a source address is specified for the tunnel, this field displays the source address.

·     If a source interface is specified for the tunnel, this field displays the source interface name and the interface's primary IP address.

Destination

Destination address of the tunnel.

Tunnel protocol/transport

Tunnel mode and transport protocol:

·     UDP_VXLAN/IP—The tunnel mode is VXLAN, and the transport protocol is IP.

·     NVE/IP—The tunnel mode is NVE, and the transport protocol is IP.

 

Related commands

·     destination

·     interface tunnel

·     source

display statistic mode

Use display statistic mode to display the current packet statistic collection mode.

Syntax

display statistic mode

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the current packet statistic collection mode.

<Sysname> display statistic mode

The packet statistic mode is vsi.

Related commands

statistic mode

display vxlan tunnel

Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.

Syntax

display vxlan tunnel [ vxlan-id vxlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.

Examples

# Display VXLAN tunnel information for all VXLANs.

<Sysname> display vxlan tunnel

Total number of VXLANs: 1

 

VXLAN ID: 10, VSI name: vpna, Total tunnels: 4 (4 up, 0 down, 0 defect, 0 blocked)

Tunnel name          Link ID    State    Type        Flooding proxy

Tunnel0              0x5000000  Up       Auto        Disabled

Tunnel1              0x5000001  Up       Manual      Disabled

Tunnel2              0x5000002  Up       Manual/Auto Disabled

MTunnel0             0x6002710  Up       Auto        Disabled

# Display VXLAN tunnel information for VXLAN 10.

<Sysname> display vxlan tunnel vxlan-id 10

VXLAN ID: 10, VSI name: vpna, Total tunnels: 4 (4 up, 0 down, 0 defect, 0 blocked)

Tunnel name          Link ID    State    Type        Flooding proxy

Tunnel0              0x5000000  Up       Auto        Disabled

Tunnel1              0x5000001  Up       Manual      Disabled

Tunnel2              0x5000002  Up       Manual/Auto Disabled

MTunnel0             0x6002710  Up       Auto        Disabled

Table 8 Command output

Field

Description

Link ID

Tunnel's link ID in the VXLAN.

State

Tunnel state:

·     Up—The tunnel is operating correctly.

·     Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. This value is available in Release 1138P01 and later versions.

·     Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. This value is available in Release 1138P01 and later versions.

·     Down—The tunnel interface is down.

Type

Tunnel assignment method:

·     Auto—The tunnel was automatically assigned to the VXLAN. For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic.

·     Manual—The tunnel was manually assigned to the VXLAN.

Flooding proxy

Flood proxy state:

·     EnabledFlood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs.

·     DisabledFlood proxy is disabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to remote VTEPs by using the unicast or multicast mode.

This field is available in Release 1138P01 and later versions.

 

Related commands

·     tunnel

·     vxlan

encapsulation

Use encapsulation to configure a frame match criterion for an Ethernet service instance.

Use undo encapsulation to remove a match criterion from an Ethernet service instance.

Syntax

encapsulation default

encapsulation { tagged | untagged }

encapsulation s-vid vlan-id [ only-tagged ]

encapsulation s-vid vlan-id c-vid vlan-id

undo encapsulation

Default

An Ethernet service instance does not contain a frame match criterion.

Views

Ethernet service instance view

Predefined user roles

network-admin

mdc-admin

Parameters

default: Matches any frames.

tagged: Matches any frames that have an 802.1Q VLAN tag. This keyword is not supported in the current software version.

untagged: Matches any frames that do not have an 802.1Q VLAN tag.

s-vid vlan-id: Matches frames that are tagged with the specified outer 802.1Q VLAN ID. The vlan-id argument specifies a 802.1Q VLAN ID in the range of 1 to 4094. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.

only-tagged: Matches only PVID-tagged frames. To match both untagged frames and PVID-tagged frames, do not specify this keyword.

s-vid vlan-id c-vid vlan-id: Matches frames that are tagged with the specified outer and inner 802.1Q VLAN IDs. The vlan-id argument specifies an 802.1Q VLAN ID in the range of 1 to 4094.

Usage guidelines

The match criterion in each Ethernet service instance on an interface must be unique. For example, you cannot configure the encapsulation untagged command in one Ethernet service instance if another Ethernet service instance already contains this command. You cannot use the encapsulation s-vid vlan-id command to specify the same 802.1Q VLAN ID for any two Ethernet service instances on the interface.

An Ethernet service instance can contain only one match criterion. To change the match criterion, you must remove the original criterion first. When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.

Examples

# Configure Ethernet service instance 1 on FortyGigE 1/0/1 to match frames that have an 802.1Q VLAN ID of 111.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] service-instance 1

[Sysname-FortyGigE1/0/1-srv1] encapsulation s-vid 111

Related commands

display l2vpn service-instance

flooding disable

Use flooding disable to disable flooding for a VSI.

Use undo flooding disable to restore the default.

Syntax

flooding disable

undo flooding disable

Default

Flooding is enabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

By default, the device floods unknown unicast frames received from the local site to the following interfaces in the frame's VXLAN:

·     All interfaces in the local site except for the incoming interface.

·     All VXLAN tunnel interfaces.

To limit unknown unicast traffic to the local site, use this command to disable the flooding function for the VSI bound to the VXLAN. The VSI will not flood unknown unicast frames to VXLAN tunnel interfaces.

Examples

# Disable flooding for the VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] flooding disable

interface tunnel

Use interface tunnel to create a tunnel interface and enter tunnel interface view.

Use undo interface tunnel to delete a tunnel interface.

Syntax

interface tunnel tunnel-number [ mode vxlan ]

undo interface tunnel tunnel-number

Default

No tunnel interfaces are created on the device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

tunnel-number: Specifies a tunnel interface number.

mode vxlan: Specifies the VXLAN tunnel mode.

Usage guidelines

To create a tunnel interface, you must specify a tunnel mode. To enter tunnel interface view, you do not need to specify the tunnel mode.

The tunnel interfaces at the two ends of a tunnel can use the same or different interface numbers.

Examples

# Create the VXLAN tunnel interface Tunnel 1 and enter tunnel interface view.

<Sysname> system-view

[Sysname] interface tunnel 1 mode vxlan

[Sysname-Tunnel1]

Related commands

·     destination

·     source

group

Use group to assign a VXLAN a multicast group address for flood traffic, and specify a source IP address for multicast VXLAN packets.

Use undo group to restore the default.

Syntax

group group-address source source-address

undo group group-address source source-address

Default

A VXLAN uses unicast mode (head-end replication) for flood traffic. No multicast group address or source IP address is specified for multicast VXLAN packets.

Views

VXLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

group-address: Specifies a multicast address in the range of 224.0.1.0 to 239.255.255.255.

source source-address: Specifies a source IP address for multicast VXLAN packets.

Usage guidelines

To reduce traffic sent to the transport network, use multicast mode if the network has dense flood traffic or many VTEPs.

For multicast-mode VXLANs, transport network devices must maintain multicast group and forwarding information. To reduce the multicast forwarding entries maintained by transport network devices, assign a multicast group address to multiple VXLANs. The VTEP separates traffic between VXLANs by VXLAN IDs.

 

 

NOTE:

For VXLANs that use the same multicast group address, you must configure the same source IP address for their multicast VXLAN packets.

 

If you execute the group command multiple times for a VXLAN, the most recent configuration takes effect.

Examples

# Set the multicast group address to 233.1.1.1 for flood traffic in VXLAN 100. Set the source IP address to 2.1.1.1 for multicast VXLAN packets.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] vxlan 100

[Sysname-vsi-aaa-vxlan-100] group 233.1.1.1 source 2.1.1.1

Related commands

igmp host enable

hardware-resource vxlan

Use hardware-resource vxlan to set the VXLAN hardware resource allocation mode.

Use undo hardware-resource vxlan to restore the default.

Syntax

hardware-resource vxlan { mac | normal }

undo hardware-resource vxlan

Default

The VXLAN hardware resource allocation mode is normal.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

mac: Specifies the MAC address mode.

normal: Specifies the normal mode.

Usage guidelines

This command is available in Release 1138P01 and later versions.

The creation of VXLAN tunnels and MAC address entries requires hardware resources. The hardware resources on the device are limited. You can use this command to set the hardware resource allocation mode for VXLAN.

·     MAC address mode—Assigns more hardware resources to MAC address entries.

·     Normal mode—Assigns more hardware resources to VXLAN tunnels.

Examples

# Set the VXLAN hardware resource allocation mode to MAC address.

<Sysname> system-view

[Sysname] hardware-resource vxlan mac

Related commands

display hardware-resource (Fundamentals Command Reference)

igmp host enable

Use igmp host enable to enable the IGMP host feature on an interface.

Use undo igmp host enable to disable the IGMP host feature on an interface.

Syntax

igmp host enable

undo igmp host enable

Default

The IGMP host feature is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

For this command to take effect, you must use the multicast routing command to enable IP multicast routing.

You must configure an interface as an IGMP host if its IP address is the source IP address of multicast VXLAN packets. The IGMP host feature enables the interface to send IGMP reports in response to IGMP queries before it can receive traffic from a multicast group.

Examples

# Enable IP multicast routing, and then enable the IGMP host feature on VLAN-interface 10.

<Sysname> system-view

[Sysname] multicast routing

[Sysname-mrib] quit

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] igmp host enable

Related commands

·     display igmp host group

·     group

·     multicast routing (IP Multicast Command Reference)

l2vpn enable

Use l2vpn enable to enable L2VPN.

Use undo l2vpn enable to disable L2VPN.

Syntax

l2vpn enable

undo l2vpn enable

Default

L2VPN is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You must enable L2VPN before you can configure L2VPN settings.

Examples

# Enable L2VPN.

<Sysname> system-view

[Sysname] l2vpn enable

mac-address static

Use mac-address static to add a static remote-MAC address entry.

Use undo mac-address static to remove a static remote-MAC address entry.

Syntax

mac-address static mac-address interface tunnel tunnel-number vsi vsi-name

undo mac-address static [ mac-address ] [ interface tunnel tunnel-number ] vsi vsi-name

Default

VXLAN VSIs do not have static remote-MAC address entries.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

mac-address: Specifies a remote MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.

interface tunnel tunnel-number: Specifies the VXLAN tunnel interface for the remote MAC address. The tunnel-number argument represents the tunnel interface number. The tunnel interface must already exist.

vsi vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A remote MAC address is the MAC address of a VM in a remote site.

Remote MAC entries include the following types:

·     StaticManually added MAC entries.

·     Dynamic—MAC entries learned in the data plane from incoming traffic on VXLAN tunnels.

·     OpenFlow—MAC entries issued by a remote controller through OpenFlow.

For a remote address, the manual static entry has higher priority than the dynamic entry.

Examples

# Add the MAC address 000f-e201-0101 to the VSI vsi1, and specify Tunnel-interface 1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1

Related commands

vxlan tunnel mac-learning disable

reset arp suppression vsi

Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.

Syntax

reset arp suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.

Examples

# Clear ARP flood suppression entries on all VSIs.

<Sysname> reset arp suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

·     display arp suppression vsi

·     arp suppression enable

reset l2vpn mac-address

Use reset l2vpn mac-address to clear dynamic MAC address entries learned in the data plane on VSIs.

Syntax

reset l2vpn mac-address [ vsi vsi-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears the dynamic MAC address entries on all VSIs.

Usage guidelines

Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.

Examples

# Clear the dynamic MAC address entries on the VSI vpn1.

<Sysname> reset l2vpn mac-address vsi vpn1

Related commands

display l2vpn mac-address vsi

reset l2vpn statistics ac

Use reset l2vpn statistics ac to clear packet statistics on Ethernet service instances.

Syntax

reset l2vpn statistics ac [ interface interface-type interface-number service-instance instance-id ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies a Layer 2 interface by its type and number.

service-instance instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Usage guidelines

This command is available in Release 1138P01 and later versions.

If you do not specify any parameters, this command clears packet statistics on all Ethernet service instances.

Examples

# Clear packet statistics for Ethernet service instance 1 on FortyGigE 1/0/1.

<Sysname> reset l2vpn statistics ac interface fortygige 1/0/1 service-instance 1

Related commands

·     display l2vpn service-instance verbose

·     statistics enable (Ethernet service instance view)

reset l2vpn statistics vsi

Use reset l2vpn statistics vsi to clear packet statistics on VSIs.

Syntax

reset l2vpn statistics vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on all VSIs.

Examples

# Clear packet statistics on all VSIs.

<Sysname> reset l2vpn statistics vsi

Related commands

statistics enable (VSI view)

selective-flooding mac-address

Use selective-flooding mac-address to enable selective flood for a MAC address.

Use undo selective-flooding mac-address to disable selective flood for a MAC address.

Syntax

selective-flooding mac-address mac-address

undo selective-flooding mac-address mac-address

Default

Selective flood is not enabled for any MAC addresses.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Parameters

mac-address: Specifies a MAC address. The MAC address cannot be all Fs.

Usage guidelines

This command excludes a remote MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown-unicast floods are confined to the local site.

Examples

# Enable selective flood for 000f-e201-0101 on the VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101

Related commands

flooding disable

service-instance

Use service-instance to create an Ethernet service instance and enter Ethernet service instance view.

Use undo service-instance to delete an Ethernet service instance.

Syntax

service-instance instance-id

undo service-instance instance-id

Default

No Ethernet service instances exist on an interface.

Views

Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Predefined user roles

network-admin

mdc-admin

Parameters

instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Examples

# On the Layer 2 Ethernet interface FortyGigE 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] service-instance 1

[Sysname-FortyGigE1/0/1-srv1]

Related commands

display l2vpn service-instance

shutdown

Use shutdown to shut down a VSI.

Use undo shutdown to restore the default.

Syntax

shutdown

undo shutdown

Default

VSIs are up.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To temporarily disable a VSI to provide Layer 2 switching services, use this command. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.

Examples

# Shut down the VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] shutdown

Related commands

display l2vpn vsi

source

Use source to specify a source address or source interface for a tunnel.

Use undo source to restore the default.

Syntax

source { ipv4-address | interface-type interface-number }

undo source

Default

No source address or source interface is specified for a tunnel.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies an IPv4 address.

interface-type interface-number: Specifies an interface by its type and number.

Examples

# Specify VLAN-interface 10 as the source interface of Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode vxlan

[Sysname-Tunnel1] source vlan-interface 10

# Specify 192.100.1.1 as the source address of Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode vxlan

[Sysname-Tunnel1] source 192.100.1.1

Related commands

·     destination

·     interface tunnel

statistic mode

Use statistic mode to set the packet statistic collection mode.

Use undo statistic mode to restore the default.

Syntax

statistic mode { ac | vsi }

undo statistic mode

Default

The packet statistic collection mode is VSI.

Views

System view

Predefined user roles

network-admin

Parameters

ac: Specifies the AC mode.

vsi: Specifies the VSI mode.

Usage guidelines

To enable packet statistics for an Ethernet service instance, perform the following tasks:

·     Enable packet statistics for the Ethernet service instance by using the statistics enable command.

·     Set the packet statistic collection mode to AC.

To enable packet statistics for a VSI and its associated VSI interface, perform the following tasks:

·     Enable packet statistics for the VSI by using the statistics enable command.

·     Set the packet statistic collection mode to VSI.

The statistic mode vsi command takes effect only if the VSI interface is associated with only one VSI.

You can use the statistic mode ac, statistic mode queue, or statistic mode vsi command to set the packet statistic collection mode. These commands overwrite each other.

Examples

# Set the packet statistic collection mode to VSI.

<Sysname> system-view

[Sysname] statistic mode vsi

Do you want to change the packet statistic mode? [Y/N]:y

Related commands

·     display interface vsi-interface

·     display l2vpn vsi verbose

·     display statistic mode

·     statistic mode queue (ACL and QoS Command Reference)

·     statistics enable (Ethernet service instance view)

·     statistics enable (VSI view)

statistics enable (Ethernet service instance view)

Use statistics enable to enable packet statistics for an Ethernet service instance.

Use undo statistics enable to disable packet statistics for an Ethernet service instance.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for an Ethernet service instance.

Views

Ethernet service instance view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is available in Release 1138P01 and later versions.

For this command to take effect, you must configure a frame match criterion for the Ethernet service instance and map it to a VSI. If you modify the frame match criterion or VSI mapping, packet statistics of the instance is cleared.

Examples

# Enable packet statistics for Ethernet service instance 200 on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] service-instance 200

[Sysname-FortyGigE1/0/1-srv200] statistics enable

Related command

·     display l2vpn service-instance verbose

·     reset l2vpn statistics ac

statistics enable (VSI view)

Use statistics enable to enable packet statistics for a VSI.

Use undo statistics enable to disable packet statistics for a VSI.

Syntax

statistics enable

undo statistics enable

Default

Packet statistics is disabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable packet statistics for the VSI vpls1.

<Sysname> system-view

[Sysname] vsi vpls1

[Sysname-vsi-vpls1] statistics enable

Related commands

·     reset l2vpn statistics vsi

·     display l2vpn vsi verbose

tunnel

Use tunnel to assign a VXLAN tunnel to a VXLAN.

Use undo tunnel to remove a VXLAN tunnel from a VXLAN.

Syntax

tunnel tunnel-number [ flooding-proxy ]

undo tunnel tunnel-number

Default

A VXLAN does not contain VXLAN tunnels.

Views

VXLAN view

Predefined user roles

network-admin

mdc-admin

Parameters

tunnel-number: Specifies a tunnel number in the range of 0 to 9214. The tunnel must be a VXLAN tunnel.

flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, the VXLAN uses the unicast or multicast mode to forward flood traffic. This keyword is available in Release 1138P01 and later versions.

Usage guidelines

This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites.

You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs. For a unicast-mode VXLAN, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.

On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.

To change a flood proxy tunnel for a VXLAN, perform the following tasks:

·     Use the undo tunnel command to remove the flood proxy tunnel.

·     Use the tunnel command to enable flood proxy on another tunnel and assign the tunnel to the VXLAN.

Examples

# Assign VXLAN tunnels 0 and 1 to VXLAN 10000.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000] tunnel 0

[Sysname-vsi-vpna-vxlan-10000] tunnel 1

Related commands

display vxlan tunnel

tunnel global source-address

Use tunnel global source-address to specify a global source address for VXLAN tunnels.

Use undo tunnel global source-address to restore the default.

Syntax

tunnel global source-address ip-address

undo tunnel global source-address

Default

No global source address is specified for VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies an IP address.

Usage guidelines

IMPORTANT

IMPORTANT:

For correct VXLAN deployment and VTEP management, do not manually specify tunnel-specific source addresses for VXLAN tunnels if OVSDB is used.

 

This command is available in Release 1138P01 and later versions.

A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.

The global source address takes effect only on VXLAN tunnels.

Examples

# Specify 1.1.1.1 as the global source address for VXLAN tunnels.

<Sysname> system-view

[Sysname] tunnel global source-address 1.1.1.1

vsi

Use vsi to create a VSI and enter VSI view.

Use undo vsi to delete a VSI.

Syntax

vsi vsi-name

undo vsi vsi-name

Default

No VSIs are created on the device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.

A VSI can provide services only for one VXLAN.

Examples

# Create the VSI vxlan10 and enter VSI view.

<Sysname> system-view

[Sysname] vsi vxlan10

[Sysname-vsi-vxlan10]

Related commands

display l2vpn vsi

vxlan

Use vxlan to create a VXLAN and enter VXLAN view.

Use undo vxlan to delete a VXLAN.

Syntax

vxlan vxlan-id

undo vxlan

Default

No VXLANs are created on the device.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

Usage guidelines

You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.

Examples

# Create VXLAN 10000 for VSI vpna and enter VXLAN view.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000]

Related commands

vsi

vxlan invalid-udp-checksum discard

Use vxlan invalid-udp-checksum discard to enable the device to drop the VXLAN packets that fail UDP checksum check.

Use undo vxlan invalid-udp-checksum discard to restore the default.

Syntax

vxlan invalid-udp-checksum discard

undo vxlan invalid-udp-checksum discard

Default

The device does not check the UDP checksum of VXLAN packets.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command enables the device to check the UDP checksum of VXLAN packets.

The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.

Examples

# Enable the device to drop the VXLAN packets that fail UDP checksum check.

<Sysname> system-view

[Sysname] vxlan invalid-udp-checksum discard

Related commands

vxlan invalid-vlan-tag discard

vxlan invalid-vlan-tag discard

Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header.

Use undo vxlan invalid-vlan-tag discard to restore the default.

Syntax

vxlan invalid-vlan-tag discard

undo vxlan invalid-vlan-tag discard

Default

The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If a remote VTEP uses the Ethernet access mode for an Ethernet service instance, its VXLAN packets might contain 802.1Q VLAN tags. To prevent the local VTEP from dropping the VXLAN packets, do not execute the vxlan invalid-vlan-tag discard command on the local VTEP.

To configure the access mode of an Ethernet service instance, use the xconnect vsi command.

Examples

# Enable the device to drop VXLAN packets that have 802.1Q VLAN tags.

<Sysname> system-view

[Sysname] vxlan invalid-vlan-tag discard

Related commands

·     vxlan invalid-udp-checksum discard

·     xconnect vsi

vxlan ip-forwarding

Use vxlan ip-forwarding to enable Layer 3 forwarding for all VXLANs.

Use undo vxlan ip-forwarding to enable Layer 2 forwarding for all VXLANs.

Syntax

vxlan ip-forwarding [ tagged | untagged ]

undo vxlan ip-forwarding

Default

Layer 3 forwarding is enabled for VXLANs, and VXLAN packets do not carry VLAN tags.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

tagged: Specifies the tagged mode. In this mode, the VTEP adds a VLAN tag to a VXLAN packet. This keyword is available in Release 1138P01 and later versions.

untagged: Specifies the untagged mode. In this mode, the VTEP does not add a VLAN tag to a VXLAN packet. This keyword is available in Release 1138P01 and later versions.

Usage guidelines

Enable Layer 3 forwarding for VXLANs if the VTEP acts as a VXLAN IP gateway. Enable Layer 2 forwarding for VXLANs if the VTEP does not act as a VXLAN IP gateway.

In Layer 3 forwarding mode, the VTEP uses the ARP table to forward traffic for VXLANs. In Layer 2 forwarding mode, the VTEP uses the MAC address table to forward traffic for VXLANs.

If you enable Layer 3 forwarding for VXLANs, the tagging status of VXLAN packets is not determined by the link type of the outgoing interface. You must use this command to set the tagging mode of VXLAN packets.

·     Set the tagging mode to untagged if the following requirements are met:

¡     The link type of the outgoing interface is access, trunk, or hybrid.

¡     VXLAN packets are transmitted to the next hop through the PVID of the outgoing interface.

·     Set the tagging mode to tagged if the following requirements are met:

¡     The link type of the outgoing interface is trunk or hybrid.

¡     VXLAN packets are transmitted to the next hop through a VLAN other than the PVID of the outgoing interface.

You must delete all VSIs, VSI interfaces, and VXLAN tunnel interfaces before you can change the forwarding mode.

You must delete all VXLAN tunnel interfaces before you can change the tagging mode of VXLAN packets.

If you do not set the tagging mode when you execute this command, the untagged mode is used.

Examples

# Enable Layer 2 forwarding for all VXLANs.

<Sysname>system-view

[Sysname] undo vxlan ip-forwarding

Related commands

interface tunnel

vxlan local-mac report

Use vxlan local-mac report to enable VXLAN local-MAC change logging.

Use undo vxlan local-mac report to restore the default.

Syntax

vxlan local-mac report

undo vxlan local-mac report

Default

VXLAN local-MAC change logging is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Local-MAC change logging enables VXLAN to send a log message to the information center when a local MAC address is added or removed.

With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Enable VXLAN local-MAC change logging.

<Sysname> system-view

[Sysname] vxlan local-mac report

vxlan tunnel arp-learning disable

Use vxlan tunnel arp-learning disable to disable remote ARP learning for VXLANs.

Use undo vxlan tunnel arp-learning disable to restore the default.

Syntax

vxlan tunnel arp-learning disable

undo vxlan tunnel arp-learning disable

Default

Remote ARP learning is enabled for VXLANs.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is available in Release 1138P01 and later versions.

By default, the device learns ARP information of remote VMs from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, use the undo vxlan tunnel arp-learning disable command to enable remote ARP learning.

As a best practice, disable remote ARP learning for VXLANs only when the controller and VTEPs are synchronizing entries.

Examples

# Disable remote ARP learning for VXLANs.

<Sysname> system

[Sysname] vxlan tunnel arp-learning disable

vxlan tunnel mac-learning disable

Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.

Use undo vxlan tunnel mac-learning disable to restore the default.

Syntax

vxlan tunnel mac-learning disable

undo vxlan tunnel mac-learning disable

Default

Remote-MAC address learning is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.

Examples

# Disable remote-MAC address learning.

<Sysname> system-view

[Sysname] vxlan tunnel mac-learning disable

vxlan udp-port

Use vxlan udp-port to configure the destination UDP port number of VXLAN packets.

Use undo vxlan udp-port to restore the default.

Syntax

vxlan udp-port port-number

undo vxlan udp-port

Default

The destination UDP port number is 4789 for VXLAN packets.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.

Usage guidelines

You must configure the same destination UDP port number on all VTEPs in a VXLAN.

Examples

# Set the destination UDP port number to 6666 for VXLAN packets.

<Sysname> system-view

[Sysname] vxlan udp-port 6666

xconnect vsi

Use xconnect vsi to map an Ethernet service instance to a VSI.

Use undo xconnect vsi to remove the mapping between an Ethernet service instance and a VSI.

Syntax

xconnect vsi vsi-name [ access-mode { ethernet | vlan } ]

undo xconnect vsi

Default

An Ethernet service instance is not mapped to any VSI.

Views

Ethernet service instance view

Predefined user roles

network-admin

mdc-admin

Parameters

vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

access-mode: Specifies an access mode. By default, the access mode is VLAN.

ethernet: Specifies the Ethernet access mode.

vlan: Specifies the VLAN access mode.

Usage guidelines

To configure this command, you must first use the encapsulation command to add a traffic match criterion to the Ethernet service instance.

For traffic that matches the Ethernet service instance, the system uses the VSI's MAC address table to make a forwarding decision.

The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.

·     VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.

¡     For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.

¡     For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.

In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.

·     Ethernet access modeThe VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.

¡     For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.

¡     For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.

In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.

Examples

# On FortyGigE 1/0/1, configure Ethernet service instance 200 to match frames with an outer 802.1Q VLAN tag of 200, and map the instance to the VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] quit

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] service-instance 200

[Sysname-FortyGigE1/0/1-srv200] encapsulation s-vid 200

[Sysname-FortyGigE1/0/1-srv200] xconnect vsi vpn1

Related commands

·     display l2vpn interface

·     display l2vpn service-instance

·     encapsulation

·     vsi

VXLAN IP gateway commands

arp send-rate

Use arp send-rate to set an ARP packet sending rate limit for a VSI interface.

Use undo arp send-rate to remove the ARP packet sending rate limit for a VSI interface.

Syntax

arp send-rate pps

undo arp send-rate

Default

The ARP packet sending rate is not limited for a VSI interface.

Views

VSI interface view

Predefined user roles

network-admin

mdc-admin

Parameters

pps: Specifies a rate limit in the range of 1 to 500 pps.

Usage guidelines

This command is available in Release 1138P01 and later versions.

VMs have limited capacity to process packets. To prevent packet processing from degrading VM performance, limit the ARP packet sending rate of the VSI interface for VMs. The VTEP will drop excess ARP packets if the rate limit is exceeded.

Examples

# Set the ARP packet sending rate limit to 50 pps for VSI-interface 1.

<Sysname> system

[Sysname] interface vsi-interface 1

[Sysname-Vsi-interface1] arp send-rate 50

bandwidth

Use bandwidth to set the expected bandwidth for a VSI interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth is 1000000 kbps for a VSI interface.

Views

VSI interface view

Predefined user roles

network-admin

mdc-admin

Parameters

bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth of an interface affects CBQ bandwidth in QoS and link costs in OSPF and IS-IS. For more information, see ACL and QoS Configuration Guide and Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth to 10000 kbps for VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100] bandwidth 10000

default

Use default to restore the default settings for a VSI interface.

Syntax

default

Views

VSI interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

CAUTION

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you execute it on a live network.

 

This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.

To resolve this problem:

1.     Use the display this command in interface view to identify these commands.

2.     Use their undo forms or follow the command reference to restore their default settings.

3.     If the restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings for VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100] default

This command will restore the default settings. Continue? [Y/N]:y

description

Use description to configure a description for a VSI interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description of a VSI interface is interface-name plus Interface (for example, Vsi-interface100 Interface).

Views

VSI interface view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies an interface description, a case-sensitive string of 1 to 255 characters.

Examples

# Configure the description as gateway for VXLAN 10 for VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100] description gateway for VXLAN 10

display interface vsi-interface

Use display interface vsi-interface to display information about VSI interfaces.

Syntax

display interface [ vsi-interface [ vsi-interface-id ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

vsi-interface [ vsi-interface-id ]: Specifies VSI interfaces. If you specify a VSI interface number, this command displays information about the specified interface. If you specify only the vsi-interface keyword, this command displays information about all VSI interfaces. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command displays information about all interfaces.

brief: Display brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.

down: Displays interfaces that are physically down as well as the down reason. If you do not specify this keyword, the command does not filter output by physical interface state.

Examples

# Display information about VSI-interface 100.

<Sysname> display interface vsi-interface 100

Vsi-interface100

Current state: UP

Line protocol state: UP

Description: Vsi-interface100 Interface

Bandwidth: 1000000kbps

Maximum transmission unit: 1500

Internet Address is 10.1.1.1/24 Primary

IP Packet Frame Type:PKTFMT_ETHNT_2, Hardware Address: 0011-2200-0102

IPv6 Packet Frame Type:PKTFMT_ETHNT_2, Hardware Address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Table 9 Command output

Field

Description

Current state

State of the interface:

·     Administratively DOWN—The interface has been shut down by using the shutdown command.

·     DOWN—The interface is administratively up, but its physical state is down.

·     UP—The interface is both administratively and physically up.

Line protocol state

Data link layer protocol state of the interface:

·     UP—The data link layer protocol is up.

·     UP (spoofing)The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is available for null interfaces and loopback interfaces.

·     DOWN—The data link layer protocol is down.

Description

Description of the interface.

Bandwidth

Expected bandwidth of the interface.

Maximum transmission unit

MTU of the interface.

Internet Address

IP address of the interface:

·     If the interface is assigned an IP address, this field displays the IP address. Primary indicates that the address is the primary IP address.

·     If the interface is not assigned an IP address, this field changes to Internet protocol processing: disabled. The interface cannot process IP packets.

IP Packet Frame Type, Hardware Address

IPv4 packet framing format and MAC address.

IPv6 Packet Frame Type, Hardware Address

IPv6 packet framing format and MAC address. The current software version does not support this field.

Physical

Physical type of the interface, which is fixed at Unknown.

baudrate

Interface baudrate in kbps.

Last clearing of counters

Last time when the reset counters interface command was used to clear interface statistics.

This field displays Never if the reset counters interface command has never been used on the interface since the device startup.

Last 300 seconds input rate

Average input rate for the last 300 seconds.

Last 300 seconds output rate

Average output rate for the last 300 seconds.

Input: 0 packets, 0 bytes, 0 drops

Incoming traffic statistics on the interface:

·     Number of incoming packets.

·     Number of incoming bytes.

·     Number of dropped packets.

Output: 0 packets, 0 bytes, 0 drops

Outgoing traffic statistics on the interface:

·     Number of outgoing packets.

·     Number of outgoing bytes.

·     Number of dropped packets.

 

# Display brief information about all VSI interfaces.

<Sysname> display interface vsi-interface brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Main IP         Description

Vsi100               DOWN DOWN     --

# Display brief information and complete description for VSI-interface 100.

<Sysname> display interface vsi-interface 100 brief description

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Main IP         Description

Vsi100               UP    UP      1.1.1.1         VSI-interface100

# Displays interfaces that are physically down and the down reason.

<Sysname> display interface brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface            Link Cause

Vsi100               DOWN Administratively

Vsi200               DOWN Administratively

Table 10 Command output

Field

Description

Interface

Abbreviated interface name.

Link

Physical state of the interface:

·     UP—The interface is physically up.

·     DOWN—The interface is physically down.

·     ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.

·     Stby—The interface is in standby state. This state is not supported in the current software version.

Protocol

Data link layer protocol state of the interface:

·     UP—The data link layer protocol is up.

·     UP (s)The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is available for null interfaces and loopback interfaces.

·     DOWN—The data link layer protocol is down.

Main IP

Primary IP address of the interface.

Description

Description of the interface.

Cause

Down reason for the interface:

·     Administratively—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.

·     Not connected—The interface is not mapped to any VSI, or the mapped VSI does not have any AC or PW.

 

Related commands

reset counters interface

gateway vsi-interface

Use gateway vsi-interface to specify a gateway interface for a VSI.

Use undo gateway vsi-interface to restore the default.

Syntax

gateway vsi-interface vsi-interface-id

undo gateway vsi-interface

Default

No gateway interface is specified for a VSI.

Views

VSI view

Predefined user roles

network-admin

mdc-admin

Parameters

vsi-interface-id: Specifies a VSI interface by its number in the range of 0 to 4093.

Usage guidelines

A VSI can have only one gateway interface. Multiple VSIs cannot share a gateway interface.

Examples

# Specify VSI-interface 100 as the gateway interface for the VSI vpna.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] gateway vsi-interface 100

Related commands

interface vsi-interface

interface vsi-interface

Use interface vsi-interface to create a VSI interface and enter VSI interface view.

Use undo interface vsi-interface to delete a VSI interface.

Syntax

interface vsi-interface vsi-interface-id

undo interface vsi-interface vsi-interface-id

Default

No VSI interfaces are created on the device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

vsi-interface-id: Specifies a VSI interface number in the range of 0 to 4093.

Examples

# Create VSI-interface 100 and enter VSI interface view.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100]

Related commands

gateway vsi-interface

mtu

Use mtu to set the MTU for a VSI interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

The MTU is 1500 bytes for a VSI interface.

Views

VSI interface view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies an MTU value. In software versions earlier than Release 1138P01, the MTU value range is 46 to 1500 bytes. In Release 1138P01 and later versions, the MTU value range is 46 to 9008 bytes.

Examples

# Set the MTU to 1430 bytes for VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100] mtu 1430

reset counters interface vsi-interface

Use reset counters interface to clear packet statistics on VSI interfaces.

Syntax

reset counters interface [ vsi-interface [ vsi-interface-id ] ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

vsi-interface [ vsi-interface-id ]: Specifies VSI interfaces. If you specify a VSI interface number in the range of 0 to 1023, this command clears packet statistics on the specified interface. If you specify only the vsi-interface keyword, this command clears packet statistics on all VSI interfaces. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command clears packet statistics on all interfaces.

Usage guidelines

Use this command to clear history statistics before you collect traffic statistics for a time period.

Examples

# Clear packet statistics on VSI-interface 100.

<Sysname> reset counters interface vsi-interface 100

Related commands

display interface

shutdown

Use shutdown to shut down a VSI interface.

Use undo shutdown to bring up a VSI interface.

Syntax

shutdown

undo shutdown

Default

A VSI interface is up.

Views

VSI interface view

Predefined user roles

network-admin

mdc-admin

Examples

# Shut down VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100] shutdown

vtep group member local

Use vtep group member local to assign the local VTEP to a VTEP group.

Use undo vtep group member local to remove the local VTEP from a VTEP group.

Syntax

vtep group group-ip member local member-ip

undo vtep group group-ip member local

Default

A VTEP is not assigned to any VTEP group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-ip: Specifies a VTEP group by its group IP address. The IP address must already exist on the local VTEP.

member-ip: Specifies the member VTEP IP address for the local VTEP. The IP address must already exist on the local VTEP.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Member VTEPs in a VTEP group cannot use the group IP address or share an IP address.

Examples

# Assign the local VTEP to the VTEP group 1.1.1.1, and specify 2.2.2.2 as the member VTEP IP address of the local VTEP.

<Sysname> system-view

[Sysname] vtep group 1.1.1.1 member local 2.2.2.2

Related commands

vtep group member remote

vtep group member remote

Use vtep group member remote to specify a VTEP group and its member VTEPs.

Use undo vtep group member remote to remove a VTEP group and its member VTEPs.

Syntax

vtep group group-ip member remote member-ip&<1-8>

undo vtep group group-ip member remote

Default

No VTEP group is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-ip: Specifies a VTEP group by its group IP address.

member-ip&<1-8>: Specifies a space-separated list of up to eight member VTEP IP addresses.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Examples

# Specify the VTEP group 1.1.1.1 and its member VTEPs at 2.2.2.2, 3.3.3.3, and 4.4.4.4.

<Sysname> system-view

[Sysname] vtep group 1.1.1.1 member remote 2.2.2.2 3.3.3.3 4.4.4.4

Related commands

vtep group member local

OVSDB commands

OVSDB commands are available in Release 1138P01 and later versions.

ovsdb server bootstrap ca-certificate

Use ovsdb server bootstrap ca-certificate to specify a CA certificate file for establishing OVSDB SSL connections.

Use undo ovsdb server bootstrap ca-certificate to restore the default.

Syntax

ovsdb server bootstrap ca-certificate ca-filename

undo ovsdb server bootstrap ca-certificate

Default

SSL uses the CA certificate file in the PKI domain.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ca-filename: Specifies the CA certificate file name, a case-insensitive string. The file name cannot contain the slot string, and the file must be stored on the active MPU.

Usage guidelines

For the specified certificate to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.

If the specified CA certificate file does not exist, the device obtains a self-signed certificate from the controller. The obtained file uses the name specified for the ca-filename argument.

Examples

# Specify the CA certificate file ca-new for establishing OVSDB SSL connections.

<Sysname> system-view

[Sysname] ovsdb server bootstrap ca-certificate ca-new

Related commands

·     ovsdb server enable

·     ovsdb server pki domain

·     ovsdb server pssl

·     ovsdb server ssl

ovsdb server enable

Use ovsdb server enable to enable the OVSDB server.

Use undo ovsdb server enable to disable the OVSDB server.

Syntax

ovsdb server enable

undo ovsdb server enable

Default

The OVSDB server is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To obtain configuration data from controllers, you must enable the OVSDB server.

Before you enable the OVSDB server, you must establish an OVSDB SSL or TCP connection with a minimum of one controller.

Examples

# Enable the OVSDB server.

<Sysname> system-view

[Sysname] ovsdb server enable

Related commands

·     ovsdb server pssl

·     ovsdb server ptcp

·     ovsdb server ssl

·     ovsdb server tcp

ovsdb server pki domain

Use ovsdb server pki domain to specify a PKI domain for establishing OVSDB SSL connections.

Use undo ovsdb bootstrap server pki domain to restore the default.

Syntax

ovsdb server pki domain domain-name

undo ovsdb server pki domain

Default

No PKI domain is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

domain-name: Specifies a PKI domain name, a case-sensitive string of 1 to 31 characters. The PKI domain must already exist and contain a complete certificate and key.

Usage guidelines

To communicate with controllers through SSL, you must specify a PKI domain.

For the specified PKI domain to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.

Examples

# Specify the PKI domain ovsdb_test for establishing OVSDB SSL connections.

<Sysname> system-view

[Sysname] ovsdb server pki domain ovsdb_test

Related commands

·     ovsdb server bootstrap ca-certificate

·     ovsdb server enable

·     ovsdb server pssl

·     ovsdb server ssl

ovsdb server pssl

Use ovsdb server pssl to enable the device to listen for OVSDB SSL connection requests.

Use undo ovsdb server pssl to restore the default.

Syntax

ovsdb server pssl [ port port-number ]

undo ovsdb server pssl

Default

The device does not listen for OVSDB SSL connection requests.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

port port-number: Specifies a port to listen for OVSDB SSL connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the port number 6640.

Usage guidelines

Before you use this command, you must specify a PKI domain for SSL.

You can specify only one port to listen for OVSDB SSL connection requests. If you execute this command multiple times, the most recent configuration takes effect.

For the specified port setting to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.

Examples

# Enable the device to listen for OVSDB SSL connection requests on port 6640.

<Sysname> system-view

[Sysname] ovsdb server pssl

Related commands

·     ovsdb server bootstrap ca-certificate

·     ovsdb server enable

·     ovsdb server pki domain

·     ovsdb server ssl

ovsdb server ptcp

Use ovsdb server ptcp to enable the device to listen for OVSDB TCP connection requests.

Use undo ovsdb server ptcp to restore the default.

Syntax

ovsdb server ptcp [ port port-number ]

undo ovsdb server ptcp

Default

The device does not listen for OVSDB TCP connection requests.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

port-number: Specifies a port to listen for OVSDB TCP connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the port number 6640.

Usage guidelines

You can specify only one port to listen for OVSDB TCP connection requests. If you execute this command multiple times, the most recent configuration takes effect.

For the specified port setting to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.

Examples

# Enable the device to listen for OVSDB TCP connection requests on port 6640.

<Sysname> system-view

[Sysname] ovsdb server ptcp

Related commands

·     ovsdb server enable

·     ovsdb server tcp

ovsdb server ssl

Use ovsdb server ssl to set up an active OVSDB SSL connection to a controller.

Use undo ovsdb server ssl to remove an OVSDB SSL connection.

Syntax

ovsdb server ssl ip ip-address port port-number

undo ovsdb server ssl ip ip-address port port-number

Default

The device does not have active OVSDB SSL connections.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies the destination IP address for the SSL connection.

port port-number: Specifies the destination port for the SSL connection. The value range for the port-number argument is 1 to 65535.

Usage guidelines

Before you use this command, you must specify a PKI domain for SSL.

The device can have a maximum of eight active SSL connections.

To establish the connection, you must execute the ovsdb server enable command. You must disable and then re-enable the OVSDB server if it has been enabled.

Examples

# Set up an active SSL connection to port 6632 at 192.168.12.2.

<Sysname> system-view

[Sysname] ovsdb server ssl ip 192.168.12.2 port 6632

Related commands

·     ovsdb server bootstrap ca-certificate

·     ovsdb server enable

·     ovsdb server pki domain

·     ovsdb server pssl

ovsdb server tcp

Use ovsdb server tcp to set up an active OVSDB TCP connection to a controller.

Use undo ovsdb server tcp to remove an OVSDB TCP connection.

Syntax

ovsdb server tcp ip ip-address port port-number

undo ovsdb server tcp ip ip-address port port-number

Default

The device does not have active TCP connections.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies the destination IP address for the TCP connection.

port port-number: Specifies the destination port for the TCP connection. The value range for the port-number argument is 1 to 65535.

Usage guidelines

The device can have a maximum of eight active OVSDB TCP connections.

To establish the connection, you must execute the ovsdb server enable command. You must disable and then re-enable the OVSDB server if it has been enabled.

Examples

# Set up an active OVSDB TCP connection to port 6632 at 192.168.12.2.

<Sysname> system-view

[Sysname] ovsdb server tcp ip 192.168.12.2 port 6632

Related commands

·     ovsdb server enable

·     ovsdb server ptcp

vtep access port

Use vtep access port to specify a site-facing interface as a VTEP access port.

Use undo vtep access port to restore the default.

Syntax

vtep access port

undo vtep access port

Default

An interface is not a VTEP access port.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

For controllers to manage a site-facing interface, you must specify the interface as a VTEP access port.

Examples

# Specify FortyGigE 1/0/1 as a VTEP access port.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] vtep access port

vtep enable

Use vtep enable to enable the OVSDB VTEP service.

Use undo vtep enable to disable the OVSDB VTEP service.

Syntax

vtep enable

undo vtep enable

Default

The OVSDB VTEP service is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the OVSDB VTEP service.

<Sysname> system-view

[Sysname] vtep enable

vxlan tunnel service node

Use vxlan tunnel service node to enable flood proxy on multicast VXLAN tunnels.

Use undo vxlan tunnel service node to disable flood proxy on multicast VXLAN tunnels.

Syntax

vxlan tunnel service node

undo vxlan tunnel service node

Default

Flood proxy is disabled on multicast VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you use a flood proxy server, you must enable flood proxy globally on multicast tunnels. Then the multicast tunnels are converted into flood proxy tunnels. The VTEP sends broadcast, multicast, and unknown unicast traffic for a VXLAN to the flood proxy server through the tunnels. The flood proxy server then replicates and forwards flood traffic to remote VTEPs.

The vxlan tunnel service node command and its undo form affect only VXLAN tunnels that are issued after the vxlan tunnel service node command.

Examples

# Enable flood proxy on all multicast VXLAN tunnels.

<Sysname> system

[Sysname] vxlan tunnel service node

 

 


Index

A B D E F G H I L M O R S T V X


A

arp send-rate,39

arp suppression enable,1

B

bandwidth,40

D

default,41

description,41

description,2

destination,2

display arp suppression vsi,3

display igmp host group,4

display interface tunnel,13

display interface vsi-interface,42

display l2vpn mac-address,6

display l2vpn service-instance,7

display l2vpn vsi,10

display statistic mode,14

display vxlan tunnel,15

E

encapsulation,16

F

flooding disable,17

G

gateway vsi-interface,45

group,19

H

hardware-resource vxlan,20

I

igmp host enable,21

interface tunnel,18

interface vsi-interface,46

L

l2vpn enable,21

M

mac-address static,22

mtu,46

O

ovsdb server bootstrap ca-certificate,49

ovsdb server enable,50

ovsdb server pki domain,51

ovsdb server pssl,52

ovsdb server ptcp,52

ovsdb server ssl,53

ovsdb server tcp,54

R

reset arp suppression vsi,23

reset counters interface vsi-interface,47

reset l2vpn mac-address,23

reset l2vpn statistics ac,24

reset l2vpn statistics vsi,24

S

selective-flooding mac-address,25

service-instance,26

shutdown,47

shutdown,26

source,27

statistic mode,28

statistics enable (Ethernet service instance view),29

statistics enable (VSI view),29

T

tunnel,30

tunnel global source-address,31

V

vsi,32

vtep access port,55

vtep enable,55

vtep group member local,48

vtep group member remote,49

vxlan,33

vxlan invalid-udp-checksum discard,33

vxlan invalid-vlan-tag discard,34

vxlan ip-forwarding,35

vxlan local-mac report,36

vxlan tunnel arp-learning disable,36

vxlan tunnel mac-learning disable,37

vxlan tunnel service node,56

vxlan udp-port,37

X

xconnect vsi,38


 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网