Contents

Basic VXLAN commands· 1

arp suppression enable· 1

description· 1

display arp suppression vsi 2

display l2vpn forwarding ac· 3

display l2vpn mac-address· 4

display l2vpn service-instance· 6

display l2vpn vsi 8

display statistic mode· 11

display vxlan tunnel 11

encapsulation· 12

flooding disable· 14

l2vpn enable· 14

mac-address static vsi 15

overlay oam enable· 16

ping vxlan· 17

reserved vxlan· 20

reset arp suppression vsi 21

reset l2vpn mac-address· 21

reset l2vpn statistics ac· 22

reset l2vpn statistics vsi 22

rewrite inbound tag· 23

rewrite outbound tag· 24

selective-flooding mac-address· 25

service-instance· 26

shutdown· 26

statistic mode· 27

statistics enable (Ethernet service instance view) 28

statistics enable (VSI view) 28

tracert vxlan· 29

tunnel 31

tunnel global source-address· 33

vsi 33

vxlan· 34

vxlan invalid-udp-checksum discard· 35

vxlan invalid-vlan-tag discard· 35

vxlan ip-forwarding· 36

vxlan local-mac report 37

vxlan tunnel mac-learning disable· 37

vxlan udp-port 38

xconnect vsi 39

 

Basic VXLAN commands

arp suppression enable

Use arp suppression enable to enable ARP flood suppression.

Use undo arp suppression enable to disable ARP flood suppression.

Syntax

arp suppression enable

undo arp suppression enable

Default

ARP flood suppression is disabled.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.

This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.

Examples

# Enable ARP flood suppression for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable

Related commands

display arp suppression vsi

reset arp suppression vsi

description

Use description to configure a description for a VSI.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A VSI does not have a description.

Views

VSI view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 80 characters.

Examples

# Configure a description for VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] description vsi for vpn1

Related commands

display l2vpn vsi

display arp suppression vsi

Use display arp suppression vsi to display ARP flood suppression entries.

Syntax

display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU.

count: Displays the number of ARP flood suppression entries that match the command.

Examples

# Display ARP flood suppression entries.

<Sysname> display arp suppression vsi

IP address      MAC address    VSI name                    Link ID    Aging(min)

1.1.1.2         000f-e201-0101 vsi1                        0x70000    14

1.1.1.3         000f-e201-0202 vsi1                        0x80000    18

1.1.1.4         000f-e201-0203 vsi2                        0x90000    10

# Display the number of ARP flood suppression entries.

<Sysname> display arp suppression vsi count

Total entries: 3

Table 1 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Aging	Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted.

 

Related commands

arp suppression enable

reset arp suppression vsi

display l2vpn forwarding ac

Use display l2vpn forwarding ac to display L2VPN AC forwarding information.

Syntax

display l2vpn forwarding ac [ vsi vsi-name ] [ slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Displays L2VPN forwarding information for a VSI. The vsi-name argument specifies the VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN forwarding information for all VSIs.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays L2VPN forwarding information for the active MPU.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief AC forwarding information for all VSIs.

<Sysname> display l2vpn forwarding ac

Total number of VSIs: 1

Total number of ACs: 2 up, 0 down

 

AC                               VSI Name                        Link ID

HGE1/0/1 srv1                    test                            3

HGE1/0/1 srv2                    test                            4

Table 2 Command output

Field	Description
Total number of VSIs	Total number of VSIs, including VSIs that are not bound to any ACs.
AC	AC type: Layer 2 interface and Ethernet service instance.
Link ID	Link ID of the AC in the VSI.

 

# Display detailed AC forwarding information for all VSIs.

<Sysname> display l2vpn forwarding ac verbose

 

VSI Name: vpls2

  Interface: HGE1/0/3  Service Instance: 4

    Link ID      : 1

    Access Mode  : VLAN

    State        : UP

    Encapsulation: s-vid 10

    Bandwidth    : Unlimited

    Type         : Manual

Table 3 Command output

Field	Description
Service Instance	Ethernet service instance ID.
Link ID	Link ID of the AC in the VSI.
Access Mode	AC access mode: ·     VLAN. ·     Ethernet.
State	AC state.
Encapsulation	Frame match criterion of the Ethernet service instance.
Bandwidth	Maximum bandwidth in kbps for traffic on the AC. If this field displays Unlimited, the traffic bandwidth of the AC is not limited.
Type	Ethernet service instance type. This field can only be Manual, which indicates that the Ethernet service instance is manually created.

 

display l2vpn mac-address

Use display l2vpn mac-address to display MAC address entries for VSIs.

Syntax

display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.

dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:

·     Dynamic remote- and local-MAC entries.

·     Remote-MAC entries advertised through BGP EVPN.

·     Manually added static remote- and local-MAC entries.

·     Remote-MAC entries issued through OpenFlow.

count: Displays the number of MAC address entries.

verbose: Displays detailed information about MAC address entries.

Usage guidelines

If you do not specify the count or verbose keyword, this command displays brief information about MAC address entries.

Examples

# Display brief information about MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address

MAC Address      State    VSI Name                        Link ID/Name  Aging

0000-0000-000b   Static   vpn1                            Tunnel10      NotAging

0000-0000-000c   Dynamic  vpn1                            Tunnel60      Aging

0000-0000-000d   Dynamic  vpn1                            Tunnel99      Aging

--- 3 mac address(es) found  ---

# Display the total number of MAC address entries in all VSIs.

<Sysname> display l2vpn mac-address count

3 mac address(es) found

Table 4 Command output

Field	Description
State	Entry state: ·     Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. ·     Static—Static local- and remote-MAC entry. ·     EVPN—Remote-MAC entry advertised through BGP EVPN. ·     OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow.
Link ID/Name	For a local MAC address, this field displays the name of the interface that hosts the Ethernet service instance for the MAC address. For a remote MAC address, this field displays the tunnel interface name.
Aging	Entry aging state: ·     Aging. ·     NotAging.

 

# Display detailed information about MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address verbose

MAC Address : 0000-0000-000b

VSI Name    : vpn1

VXLAN ID    : 123

Interface   : HGE1/0/1

Link ID     : 1

State       : Dynamic

Aging       : Aging

Table 5 Command output

Field	Description
Interface	For a local MAC address, this field displays the name of the interface that hosts the Ethernet service instance for the MAC address. For a remote MAC address, this field displays the tunnel interface name.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
State	Entry state: ·     Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. ·     Static—Static local- or remote-MAC entry. ·     EVPN—Remote-MAC entry advertised through BGP EVPN. ·     OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow.
Aging	Entry aging state: ·     Aging. ·     NotAging.

 

Related commands

reset l2vpn mac-address

display l2vpn service-instance

Use display l2vpn service-instance to display information about Ethernet service instances.

Syntax

display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.

service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified Layer 2 Ethernet interface or Layer 2 aggregate interface.

verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.

Examples

# Display brief information about all Ethernet service instances.

<Sysname> display l2vpn service-instance

Total number of service-instances: 4, 4 up, 0 down

Total number of ACs: 2, 2 up, 0 down

 

Interface                SrvID Owner                           LinkID State Type

HGE1/0/1                 3     vsi12                           1      Up    VSI

HGE1/0/1                 4     vsi13                           1      Up    VSI

Table 6 Command output

Field	Description
Total number of ACs	Total number of attachment circuits (ACs) and the number of ACs in each state (up or down).
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
SrvID	Ethernet service instance ID.
Owner	VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI.
LinkID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: ·     Up. ·     Down.
Type	L2VPN type of the Ethernet service instance: ·     VSI. ·     VPWS.

 

# Display detailed information about all Ethernet service instances on HundredGigE 1/0/1.

<Sysname> display l2vpn service-instance interface hundredgige 1/0/1 verbose

Interface: HGE1/0/1

  Service Instance: 1

    Type          : Manual

    Encapsulation : s-vid 16

    Bandwidth     : -

    VSI Name      : vsi10

    Link ID       : 1

    State         : Up

    Statistics    : Enabled

    Input Statistics:

      Octets   :0

      Packets  :0

    Output Statistics:

      Octets   :0

      Packets  :0

Table 7 Command output

Field	Description
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
Service Instance	Ethernet service instance ID.
Type	Type and traffic match mode of the Ethernet service instance. Manual represents a static Ethernet service instance in VLAN-based traffic match mode.
Encapsulation	Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain a match criterion, the command does not display this field.
Bandwidth	Bandwidth limit in kbps. If no bandwidth limit is set for the Ethernet service instance, Unlimited is displayed.
Link ID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: ·     Up. ·     Down.
Statistics	Packet statistics state: ·     Enabled—The packet statistics feature is enabled for the Ethernet service instance. ·     Disabled—The packet statistics feature is disabled for the Ethernet service instance.
Input Statistics	Incoming traffic statistics: ·     Octets—Number of incoming bytes. ·     Packets—Number of incoming packets.
Output Statistics	Outgoing traffic statistics: ·     Octets—Number of outgoing bytes. ·     Packets—Number of outgoing packets.

 

Related commands

service-instance

display l2vpn vsi

Use display l2vpn vsi to display information about VSIs.

Syntax

display l2vpn vsi [ name vsi-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.

verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.

Examples

# Display brief information about all VSIs.

<Sysname> display l2vpn vsi

Total number of VSIs: 1, 0 up, 1 down, 0 admin down

 

VSI Name                        VSI Index       State

vpna                            0               Down

Table 8 Command output

Field	Description
State	VSI state: ·     Up—The VSI is up. ·     Down—The VSI is down. ·     Admin down—The VSI has been manually shut down by using the shutdown command.

 

# Display detailed information about all VSIs.

<Sysname> display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : -

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : -

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Enabled

  Input statistics        :

    Octets   : 0

    Packets  : 0

    Errors   : 0

    Discards : 0

  Output statistics:

    Octets   : 0

    Packets  : 0

    Errors   : 0

    Discards : 0

  Gateway Interface       : VSI-interface 100

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State  Type      Flood proxy

    Tunnel1              0x5000001  Up     Manual    Disabled

    Tunnel2              0x5000002  Up     Manual    Disabled

  ACs:

    AC                               Link ID    State    Type

    HGE1/0/1 srv1000                 0          Up       Manual

Table 9 Command output

Field	Description
VSI Description	Description of the VSI. If the VSI does not have a description, the command does not display this field.
VSI State	VSI state: ·     Up—The VSI is up. ·     Down—The VSI is down. ·     Administratively down—The VSI has been manually shut down by using the shutdown command.
MTU	MTU on the VSI.
Bandwidth	Bandwidth limit in kbps. If no bandwidth limit is set for the VSI, a hyphen (-) is displayed.
Broadcast Restrain	Broadcast restraint bandwidth (in kbps). If the broadcast restraint bandwidth is not set, a hyphen (-) is displayed.
Multicast Restrain	This field is not supported in the current software version. Multicast restraint bandwidth (in kbps). If the multicast restraint bandwidth is not set, a hyphen (-) is displayed.
Unknown Unicast Restrain	Unknown unicast restraint bandwidth (in kbps). If the unknown unicast restraint bandwidth is not set, a hyphen (-) is displayed.
MAC Learning	State of the MAC learning feature.
MAC Table Limit	Maximum number of MAC address entries on the VSI.
Drop Unknown	Action on source MAC-unknown frames received after the maximum number of MAC entries is reached.
Flooding	State of the VSI's flooding feature: ·     Enabled—Flooding is enabled on the VSI. ·     Disabled—Flooding is disabled on the VSI.
Statistics	Packet statistics state: ·     Enabled—The packet statistics feature is enabled for the VSI. ·     Disabled—The packet statistics feature is disabled for the VSI.
Input statistics	Incoming traffic statistics: ·     Octets—Number of incoming bytes. ·     Packets—Number of incoming packets. ·     Errors—Number of error packets. ·     Discards—Number of discarded packets.
Output statistics	Outgoing traffic statistics: ·     Octets—Number of outgoing bytes. ·     Packets—Number of outgoing packets. ·     Errors—Number of error packets. ·     Discards—Number of discarded packets.
Gateway Interface	VSI interface name.
State	Tunnel state: ·     Up—The tunnel is operating correctly. ·     Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. ‌ ·     Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. ·     Down—The tunnel interface is down.
Type	Tunnel assignment method: ·     Auto—The tunnel was automatically assigned to the VXLAN by EVPN. ·     Manual—The tunnel was manually assigned to the VXLAN.
Flood proxy	Flood proxy state: ·     Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. ·     Disabled—Flood proxy is disabled.
ACs	ACs that are bound to the VSI.
Link ID	AC's link ID on the VSI.
State	AC state: ·     Up. ·     Down.
Type	Type and traffic match mode of the Ethernet service instance. Manual represents a static Ethernet service instance in VLAN-based traffic match mode.

 

display statistic mode

Use display statistic mode to display the current packet statistic collection mode.

Syntax

display statistic mode

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the current packet statistic collection mode.

<Sysname> display statistic mode

The packet statistic mode is vsi.

Related commands

statistic mode

display vxlan tunnel

Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.

Syntax

display vxlan tunnel [ vxlan-id vxlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.

Examples

# Display VXLAN tunnel information for all VXLANs.

<Sysname> display vxlan tunnel

Total number of VXLANs: 1

 

VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)

Tunnel name          Link ID    State  Type         Flood proxy

Tunnel1              0x5000001  Up     Manual       Disabled

Tunnel2              0x5000002  Up     Manual       Disabled

# Display VXLAN tunnel information for VXLAN 10.

<Sysname> display vxlan tunnel vxlan-id 10

VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)

Tunnel name          Link ID    State  Type         Flood proxy

Tunnel1              0x5000001  Up     Manual       Disabled

Tunnel2              0x5000002  Up     Manual       Disabled

Table 10 Command output

Field	Description
Link ID	Tunnel's link ID in the VXLAN.
State	Tunnel state: ·     Up—The tunnel is operating correctly. ·     Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. ·     Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. ·     Down—The tunnel interface is down.
Type	Tunnel assignment method: ·     Auto—The tunnel was automatically assigned to the VXLAN by EVPN. ·     Manual—The tunnel was manually assigned to the VXLAN.
Flood proxy	Flood proxy state: ·     Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. ·     Disabled—Flood proxy is disabled.

 

Related commands

tunnel

vxlan

encapsulation

Use encapsulation to configure a frame match criterion for an Ethernet service instance.

Use undo encapsulation to restore the default.

Syntax

encapsulation s-vid vlan-id-list [ only-tagged ]

encapsulation s-vid vlan-id-list c-vid vlan-id

encapsulation { default | untagged }

undo encapsulation

Default

An Ethernet service instance does not contain a frame match criterion.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

s-vid: Matches frames that are tagged with the specified outer 802.1Q VLAN IDs.

c-vid: Matches frames that are tagged with the specified inner 802.1Q VLAN IDs.

vlan-id: Specifies an 802.1Q VLAN ID in the range of 1 to 4094.

vlan-id-list: Specifies a space-separated list of up to eight VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the format of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.

only-tagged: Matches tagged frames. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.

·     To match only PVID-tagged frames, specify the only-tagged keyword.

·     To match both untagged frames and PVID-tagged frames, do not specify the only-tagged keyword.

default: Matches frames that do not match any other Ethernet service instance on the interface. On an interface, you can configure this criterion only in one Ethernet service instance. The Ethernet service instance matches any frames if it is the only instance on the interface.

untagged: Matches any frames that do not have an 802.1Q VLAN tag.

Usage guidelines

An Ethernet service instance can contain only one match criterion. To change the match criterion, first execute the undo encapsulation command to remove the original criterion. When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.

Examples

# Configure Ethernet service instance 1 on HundredGigE 1/0/1 to match frames that have an outer 802.1Q VLAN ID of 111.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 1

[Sysname-HundredGigE1/0/1-srv1] encapsulation s-vid 111

Related commands

display l2vpn service-instance

flooding disable

Use flooding disable to disable flooding for a VSI.

Use undo flooding disable to enable flooding for a VSI.

Syntax

flooding disable { all | { broadcast | unknown-multicast | unknown-unicast } * }

undo flooding disable

Default

Flooding is enabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Parameters

all: Specifies broadcast, unknown unicast, and unknown multicast traffic.

broadcast: Specifies broadcast traffic.

unknown-multicast: Specifies unknown multicast traffic.

unknown-unicast: Specifies unknown unicast traffic.

Usage guidelines

By default, the device floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN:

·     All site-facing interfaces except for the incoming interface.

·     All VXLAN tunnel interfaces.

When receiving broadcast, unknown unicast, and unknown multicast frames on VXLAN tunnel interfaces, the device floods the frames to all site-facing interfaces in the frames' VXLAN.

To confine a kind of flood traffic, use this command to disable flooding for that kind of flood traffic on the VSI bound to the VXLAN.

You cannot specify the unknown-multicast or unknown-unicast keyword alone. If you specify one of the keywords, you must also specify the other.

Examples

# Disable flooding of local broadcast traffic to remote sites for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] flooding disable broadcast

l2vpn enable

Use l2vpn enable to enable L2VPN.

Use undo l2vpn enable to disable L2VPN.

Syntax

l2vpn enable

undo l2vpn enable

Default

L2VPN is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable L2VPN before you can configure L2VPN settings.

Examples

# Enable L2VPN.

<Sysname> system-view

[Sysname] l2vpn enable

mac-address static vsi

Use mac-address static vsi to add a static MAC address entry for a VXLAN VSI.

Use undo mac-address static vsi to remove a static MAC address entry for a VXLAN VSI.

Syntax

mac-address static mac-address { interface interface-type interface-number service-instance instance-id | interface tunnel tunnel-number } vsi vsi-name

undo mac-address static [ mac-address ] [ interface interface-type interface-number service-instance instance-id | interface tunnel tunnel-number ] vsi vsi-name

Default

VXLAN VSIs do not have static MAC address entries.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.

interface interface-type interface-number service-instance instance-id: Specifies an Ethernet service instance on an interface. The interface-type interface-number argument specifies the interface by its type and number. The instance-id argument specifies the Ethernet service instance by its ID in the range of 1 to 4096. This option applies to local MAC addresses.

interface tunnel tunnel-number: Specifies a VXLAN or VXLAN-DCI tunnel interface by its tunnel interface number. The tunnel interface must already exist. This option applies to remote MAC addresses.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A local MAC address is the MAC address of a VM in the local site. Local MAC entries include manually added entries and dynamically learned entries.

A remote MAC address is the MAC address of a VM in a remote site. Remote MAC entries include manually added MAC entries, dynamically learned MAC entries, and MAC entries advertised through BGP EVPN.

When you add a local MAC address entry, make sure the specified Ethernet service instance has been mapped to the VSI. When you add a remote MAC address entry, make sure the VSI's VXLAN has been specified on the VXLAN or VXLAN-DCI tunnel.

The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.

Do not configure static remote-MAC entries for tunnels that are automatically established by using EVPN.

·     EVPN re-establishes tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.

·     EVPN re-establishes tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.

Examples

# Add MAC address 000f-e201-0101 to VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1

# Add MAC address 000f-e201-0102 of Ethernet service instance 1 to VSI vsi1. Specify HundredGigE 1/0/1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0102 interface hundredgige 1/0/1 service-instance 1 vsi vsi1

Related commands

vxlan tunnel mac-learning disable

overlay oam enable

Use overlay oam enable to enable overlay OAM.

Use undo overlay oam enable to disable overlay OAM.

Syntax

overlay oam enable

undo overlay oam enable

Default

Overlay OAM is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable overlay OAM on the tunnel destination device for a VXLAN tunnel before you can use the ping vxlan or tracert vxlan command to test reachability of the VXLAN tunnel on the tunnel source device. To specify the -r 3 parameter in the ping vxlan or tracert vxlan command on the tunnel source device, you must also enable overlay OAM on the tunnel source device.

Examples

# Enable overlay OAM.

<Sysname> system-view

[Sysname] overlay oam enable

Related commands

ping vxlan

tracert vxlan

ping vxlan

Use ping vxlan to ping a VXLAN tunnel destination.

Syntax

ping vxlan [ -a inner-src-address | -c count | -m interval | -r reply-mode | -t timeout | -tos tos-value ] * vxlan-id vxlan-id tunnel-source source-address tunnel-destination dest-address [ destination-udpport dest-port ] [ vxlan-source-address vxlan-source-address ] [ load-balance { vxlan-source-udpport vxlan-source-udpport [ end-vxlan-src-udpport ] | source-address lb-src-address destination-address lb-dest-address protocol { udp | lb-protocol-id } source-port lb-src-port destination-port lb-dest-port source-mac lb-source-mac destination-mac lb-destination-mac } ]

Views

Any view

Predefined user roles

network-admin

Parameters

-a inner-src-address: Specifies the source IP address in the inner IP header of VXLAN echo requests. If you do not specify this option, the primary IP address of the outgoing interface is used as the source IP address in the inner IP header of VXLAN echo requests. Make sure the tunnel destination device can reach this source IP address. For example, you can specify the tunnel source address as the source IP address in the inner IP header of VXLAN echo requests.

-c count: Specifies the number of VXLAN echo requests to send, in the range of 1 to 4294967295. The default value is 5.

-m interval: Specifies the interval for sending VXLAN echo requests, in milliseconds. The value range for the interval argument 1 to 10000, and the default is 200 milliseconds.

-r reply-mode: Sets the reply mode used by the receiver to reply to VXLAN echo requests. The value of the reply-mode argument can be 1, 2, or 3.

·     1—Do not reply.

·     2—Look up the IP forwarding table for the destination IP address.

·     3—Perform VXLAN encapsulation.

-t timeout: Specifies the timeout time for receiving VXLAN echo replies, in milliseconds. The value range for the timeout argument is 0 to 65535, and the default is 2000 milliseconds.

-tos tos-value: Specifies the ToS value in the outer IP header of VXLAN echo requests. The value range for the tos-value argument is 0 to 255, and the default is 0.

vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

tunnel-source source-address: Specifies a VXLAN tunnel source IPv4 address.

tunnel-destination dest-address: Specifies a VXLAN tunnel destination IPv4 address.

destination-udpport dest-port: Specifies the destination UDP port number in the inner header of VXLAN echo requests. The value range for the dest-port argument is 1 to 65535, and the default is 50001. Specify this parameter if a specific port number is required to be used as the inner destination UDP port number.

vxlan-source-address vxlan-source-address: Specifies the source IPv4 address in the outer IP header of VXLAN echo requests. If you do not specify this option, the source IPv4 address is the address specified with the tunnel-source source-address parameter. On a DR member device, specify the source IPv4 address as the local VTEP IP address.

load-balance: Configures load balancing parameters. If you do not specify this keyword, the command tests only one of the multiple paths to the VXLAN tunnel destination.

vxlan-source-udpport vxlan-source-udpport end-vxlan-src-udpport: Specifies a source UDP port range for VXLAN echo requests. The value range for UDP port numbers is 49152 to 65535. The default start UDP port number is 4789. If you do not specify an end UDP port number, the end UDP port number is the start UDP port number.

source-address lb-src-address: Specifies the source IPv4 address used for load balancing calculation.

destination-address lb-dest-address: Specifies the destination IPv4 address used for load balancing calculation.

protocol: Specifies the protocol used for load balancing calculation.

udp: Specifies UDP.

lb-protocol-id: Specifies a protocol number in the range of 1 to 255.

source-port lb-src-port: Specifies a source port number used for load balancing calculation, in the range of 1 to 65535.

destination-port lb-dest-port: Specifies a destination port number used for load balancing calculation, in the range of 1 to 65535.

source-mac lb-source-mac: Specifies a source MAC address used for load balancing calculation.

destination-mac lb-destination-mac: Specifies a destination MAC address used for load balancing calculation.

Usage guidelines

Use this command to test the connectivity of a VXLAN tunnel in a VXLAN or EVPN VXLAN network when the tunnel has traffic loss or interruption issues.

Before you execute this command for a VXLAN tunnel, you must enable overlay OAM on the tunnel destination device by using the overlay oam enable command.

The VTEP can distribute VXLAN echo requests among multiple paths to the destination based on the source UDP port. When a VXLAN tunnel has multiple paths on the transport network, you can configure load sharing parameters to ensure accuracy of the test result. You can use one of the following methods to configure source UDP ports for VXLAN echo requests:

·     Specify a source UDP port range. The device will send VXLAN echo requests sourced from each UDP port in the UDP port range. You need to execute the ping vxlan command only once.

·     Specify load balancing parameters such as source and destination MAC addresses, source and destination IP addresses, and protocol for the VTEP to calculate a source UDP port number. You need to execute the ping vxlan command multiple times to test connectivity of all paths.

The load balancing parameters change only the source UDP port number of VXLAN echo requests. Other fields of the requests will not be changed.

If you specify the vxlan-source-udpport vxlan-source-udpport [ end-vxlan-src-udpport ] parameters, the number of VXLAN echo requests sourced from each UDP port in the UDP port range is determined by the -c count parameter.

Examples

# Test connectivity of VXLAN 1 that is sourced from 11.11.11.11 and destined for 22.22.22.22.

<Sysname> ping vxlan vxlan-id 1 tunnel-source 11.11.11.11 tunnel-destination 22.22.22.22

Ping VXLAN: VXLAN ID 1 source 11.11.11.11 destination 22.22.22.22:

Press CTRL+C to break.

40 bytes from 30.0.0.2: sequence=1 time=6 ms

40 bytes from 30.0.0.2: sequence=2 time=4 ms

40 bytes from 30.0.0.2: sequence=3 time=3 ms

40 bytes from 30.0.0.2: sequence=4 time=3 ms

40 bytes from 30.0.0.2: sequence=5 time=2 ms

 

--- Ping statistics for VXLAN 1 source 11.11.11.11 destination 22.22.22.22 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 2/3/6 ms

Table 11 Command output

Field	Description
Press CTRL+C to break	Press escape key Ctrl+C to abort the ping operation.
40 bytes from 30.0.0.2: sequence=1 time=6 ms	Received VXLAN echo replies from a device. If no echo reply is received within the timeout period, no information is displayed. ·     bytes—Number of bytes in the VXLAN echo reply. ·     sequence—Packet sequence number used to determine whether a packet is lost, disordered, or repeated. ·     time—Response time.
Return code	Return code: ·     0—No return code. ·     1—Echo request error. ·     2—The VXLAN does not exist. ·     3—The VXLAN does not have up tunnels. The number in parentheses is a sub code fixed at 0.
Ping statistics for VXLAN 1 source 11.11.11.11 destination 22.22.22.22	Statistics about the data received and sent in the ping operation.
packets transmitted	Number of sent VXLAN echo requests.
packets received	Number of received VXLAN echo replies.
packet loss	Percentage of unacknowledged requests to the total requests sent.
Round-trip min/avg/max	Minimum/average/maximum deviation response time, in milliseconds.

 

Related commands

overlay oam enable

tracert vxlan

reserved vxlan

Use reserved vxlan to specify a reserved VXLAN.

Use undo reserved vxlan to restore the default.

Syntax

reserved vxlan vxlan-id

undo reserved vxlan

Default

No VXLAN has been reserved.

Views

System view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

Usage guidelines

You can specify only one reserved VXLAN on the VTEP. The reserved VXLAN cannot be the VXLAN created on any VSI.

The reserved VXLAN ID cannot be the same as the remote VXLAN ID specified by using the mapping vni command.

Examples

# Specify VXLAN 10000 as the reserved VXLAN.

<Sysname> system-view

[Sysname] reserved vxlan 10000

Related commands

mapping vni (EVPN Command Reference)

reset arp suppression vsi

Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.

Syntax

reset arp suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.

Examples

# Clear ARP flood suppression entries on all VSIs.

<Sysname> reset arp suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

arp suppression enable

display arp suppression vsi

reset l2vpn mac-address

Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.

Syntax

reset l2vpn mac-address [ vsi vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.

Usage guidelines

Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.

Examples

# Clear the dynamic MAC address entries on VSI vpn1.

<Sysname> reset l2vpn mac-address vsi vpn1

Related commands

display l2vpn mac-address vsi

reset l2vpn statistics ac

Use reset l2vpn statistics ac to clear packet statistics on ACs.

Syntax

reset l2vpn statistics ac [ interface interface-type interface-number service-instance instance-id ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

service-instance instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Usage guidelines

If you do not specify any parameters, this command clears packet statistics on all ACs.

Examples

# Clear packet statistics for Ethernet service instance 1 on HundredGigE 1/0/1.

<Sysname> reset l2vpn statistics ac interface hundredgige 1/0/1 service-instance 1

Related commands

display l2vpn service-instance verbose

statistics enable (Ethernet service instance view)

reset l2vpn statistics vsi

Use reset l2vpn statistics vsi to clear packet statistics on VSIs.

Syntax

reset l2vpn statistics vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on all VSIs.

Examples

# Clear packet statistics on all VSIs.

<Sysname> reset l2vpn statistics vsi

Related commands

statistics enable (VSI view)

rewrite inbound tag

Use rewrite inbound tag to configure the VLAN tag processing rule for incoming traffic.

Use undo rewrite inbound tag to restore the default.

Syntax

rewrite inbound tag { nest { c-vid vlan-id | s-vid vlan-id [ c-vid vlan-id ] } | remark { { 1-to-1 | 2-to-1 } { c-vid vlan-id | s-vid vlan-id } | { 1-to-2 | 2-to-2 } s-vid vlan-id c-vid vlan-id } | strip { c-vid | s-vid [ c-vid ] } } [ symmetric ]

undo rewrite inbound tag

Default

VLAN tags of incoming traffic are not processed.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

nest: Adds VLAN tags.

c-vid: Specifies an inner VLAN tag.

s-vid: Specifies an outer VLAN tag.

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

remark: Maps VLAN tags.

1-to-1: Performs one-to-one mapping to replace one VLAN tag of packets with the specified VLAN tag.

2-to-1: Performs two-to-one mapping to replace the outer and inner VLAN tags of double tagged packets with the specified VLAN tag.

1-to-2: Performs one-to-two mapping to replace the VLAN tag of single tagged packets with the specified outer and inner VLAN tags.

2-to-2: Performs two-to-two mapping to replace the outer and inner VLAN tags of double tagged packets with the specified outer and inner VLAN tags.

strip: Removes VLAN tags.

symmetric: Applies the reverse VLAN tag processing rule to outgoing traffic.

Usage guidelines

To modify the VLAN tag processing rule for incoming traffic, you must first delete the existing rule by using the undo rewrite inbound tag command.

When you use this command, follow these restrictions:

·     The rewrite inbound tag nest s-vid vlan-id c-vid vlan-id command does not take effect on tagged packets.

·     The rewrite inbound tag nest s-vid vlan-id command does not take effect on double tagged packets.

·     The rewrite inbound tag nest c-vid vlan-id command does not take effect.

·     You cannot both specify the symmetric keyword in this command and configure the rewrite outbound tag command.

Examples

# Configure Ethernet service instance 1 on HundredGigE 1/0/1 to replace outer VLAN tag 10 with outer VLAN tag 100 for incoming traffic.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 1

[Sysname-HundredGigE1/0/1-srv1] encapsulation s-vid 10

[Sysname-HundredGigE1/0/1-srv1] rewrite inbound tag remark 1-to-1 s-vid 100

rewrite outbound tag

Use rewrite outbound tag to configure the VLAN tag processing rule for outgoing traffic.

Use undo rewrite outbound tag to restore the default.

Syntax

rewrite outbound tag { nest { c-vid vlan-id | s-vid vlan-id [ c-vid vlan-id ] } | remark { { 1-to-1 | 2-to-1 } { c-vid vlan-id | s-vid vlan-id } | { 1-to-2 | 2-to-2 } s-vid vlan-id c-vid vlan-id } | strip { c-vid | s-vid [ c-vid ] } }

undo rewrite outbound tag

Default

VLAN tags of outgoing traffic are not processed.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

nest: Adds VLAN tags.

c-vid: Specifies an inner VLAN tag.

s-vid: Specifies an outer VLAN tag.

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

remark: Maps VLAN tags.

1-to-1: Performs one-to-one mapping to replace one VLAN tag of packets with the specified VLAN tag.

2-to-1: Performs two-to-one mapping to replace the outer and inner VLAN tags of double tagged packets with the specified VLAN tag.

1-to-2: Performs one-to-two mapping to replace the VLAN tag of single tagged packets with the specified outer and inner VLAN tags.

2-to-2: Performs two-to-two mapping to replace the outer and inner VLAN tags of double tagged packets with the specified outer and inner VLAN tags.

strip: Removes VLAN tags.

Usage guidelines

To modify the VLAN tag processing rule for outgoing traffic, you must first delete the existing rule by using the undo rewrite outbound tag command.

When you use this command, follow these restrictions:

·     The rewrite outbound tag nest s-vid vlan-id c-vid vlan-id command does not take effect on tagged packets.

·     The rewrite outbound tag nest s-vid vlan-id command does not take effect on double tagged packets.

·     The rewrite outbound tag nest c-vid vlan-id command does not take effect.

·     You cannot both configure this command and specify the symmetric keyword in the rewrite inbound tag command.

Examples

# Configure Ethernet service instance 1 on HundredGigE 1/0/1 to replace outer VLAN tag 10 with outer VLAN tag 100 for incoming traffic and to remove the outer VLAN tags for outgoing traffic.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 1

[Sysname-HundredGigE1/0/1-srv1] encapsulation s-vid 10

[Sysname-HundredGigE1/0/1-srv1] rewrite inbound tag remark 1-to-1 s-vid 100

[Sysname-HundredGigE1/0/1-srv1] rewrite outbound tag strip s-vid

selective-flooding mac-address

Use selective-flooding mac-address to enable selective flood for a MAC address.

Use undo selective-flooding mac-address to disable selective flood for a MAC address.

Syntax

selective-flooding mac-address mac-address

undo selective-flooding mac-address mac-address

Default

Selective flood is disabled for all MAC addresses.

Views

VSI view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address. The MAC address cannot be all Fs.

Usage guidelines

This command excludes a remote unicast or multicast MAC address from the remote flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when floods are confined to the local site.

Examples

# Enable selective flood for 000f-e201-0101 on VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101

Related commands

flooding disable (VSI view)

service-instance

Use service-instance to create an Ethernet service instance and enter its view, or enter the view of an existing Ethernet service instance.

Use undo service-instance to delete an Ethernet service instance.

Syntax

service-instance instance-id

undo service-instance instance-id

Default

No Ethernet service instances exist.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Examples

# On Layer 2 Ethernet interface HundredGigE 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 1

[Sysname-HundredGigE1/0/1-srv1]

Related commands

display l2vpn service-instance

shutdown

Use shutdown to shut down a VSI.

Use undo shutdown to bring up a VSI.

Syntax

shutdown

undo shutdown

Default

VSIs are up.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.

Examples

# Shut down VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] shutdown

Related commands

display l2vpn vsi

statistic mode

Use statistic mode to set the packet statistic collection mode.

Use undo statistic mode to restore the default.

Syntax

statistic mode { ac | vsi }

undo statistic mode

Default

The default packet statistic collection mode is VSI.

Views

System view

Predefined user roles

network-admin

Parameters

ac: Specifies the AC mode.

vsi: Specifies the VSI mode.

Usage guidelines

To enable packet statistics for an Ethernet service instance, set the packet statistic collection mode to AC and execute the statistics enable command in Ethernet service instance view.

To enable packet statistics for a VSI and its associated VSI interface, set the packet statistic collection mode to VSI and execute the statistics enable command in VSI view.

Examples

# Set the packet statistic collection mode to VSI.

<Sysname> system-view

[Sysname] statistic mode vsi

Do you want to change the packet statistic mode? [Y/N]:y

Related commands

display statistic mode

statistics enable (Ethernet service instance view)

Use statistics enable to enable packet statistics for an Ethernet service instance.

Use undo statistics enable to disable packet statistics for an Ethernet service instance.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for an Ethernet service instance.

Views

Ethernet service instance view

Predefined user roles

network-admin

Usage guidelines

For this command to take effect, you must configure a frame match criterion for the Ethernet service instance and map it to a VSI. If you modify the frame match criterion or VSI mapping, packet statistics of the instance is cleared.

Examples

# Enable packet statistics for Ethernet service instance 200 on HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 200

[Sysname-HundredGigE1/0/1-srv200] statistics enable

Related command

display l2vpn service-instance verbose

reset l2vpn statistics ac

statistics enable (VSI view)

Use statistics enable to enable packet statistics for a VSI.

Use undo statistics enable to disable packet statistics for a VSI.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Examples

# Enable packet statistics for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] statistics enable

Related commands

display l2vpn vsi verbose

reset l2vpn statistics vsi

tracert vxlan

Use tracert vxlan to trace the path to a VXLAN tunnel destination.

Syntax

tracert vxlan [ -a inner-src-address | -h ttl-value | -r reply-mode | -t timeout ] * vxlan-id vxlan-id  tunnel-source source-address tunnel-destination dest-address [ destination-udpport dest-port ] [ vxlan-source-address vxlan-source-address ] [ load-balance { vxlan-source-udpport vxlan-source-udpport | source-address lb-src-address destination-address lb-dest-address protocol { udp | lb-protocol-id } source-port lb-src-port destination-port lb-dest-port source-mac lb-source-mac destination-mac lb-destination-mac } ]

Views

Any view

Predefined user roles

network-admin

Parameters

-a inner-src-address: Specifies the source IP address in the inner IP header of VXLAN echo requests. If you do not specify this option, the primary IP address of the outgoing interface is used as the source IP address in the inner IP header of VXLAN echo requests. Make sure the tunnel destination device can reach this source IP address. For example, you can specify the tunnel source address as the source IP address in the inner IP header of VXLAN echo requests.

-h ttl-value: Specifies the maximum TTL value in the outer IP header of VXLAN echo requests. The value range for the ttl-value argument is 1 to 255, and the default is 30.

-r reply-mode: Sets the reply mode used by the receiver to reply to VXLAN echo requests. The value of the reply-mode argument can be 1, 2, or 3.

·     1—Do not reply.

·     2—Look up the IP forwarding table for the destination IP address.

·     3—Perform VXLAN encapsulation.

-t timeout: Specifies the timeout time for receiving VXLAN echo replies, in milliseconds. The value range for the timeout argument is 0 to 65535, and the default is 2000 milliseconds.

vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

tunnel-source source-address: Specifies a VXLAN tunnel source IPv4 address.

tunnel-destination dest-address: Specifies a VXLAN tunnel destination IPv4 address.

destination-udpport dest-port: Specifies the destination UDP port number in the inner header of VXLAN echo requests. The value range for the dest-port argument is 1 to 65535, and the default is 50001. Specify this parameter if a specific port number is required to be used as the inner destination UDP port number.

vxlan-source-address vxlan-source-address: Specifies the source IPv4 address in the outer IP header of VXLAN echo requests. If you do not specify this option, the source IPv4 address is the address specified with the tunnel-source source-address parameter. On a DR member device, specify the source IPv4 address as the local VTEP IP address.

load-balance: Configures load balancing parameters. If you do not specify this keyword, the command tests only one of the multiple paths to the VXLAN tunnel destination.

vxlan-source-udpport vxlan-source-udpport end-vxlan-src-udpport: Specifies a source UDP port range for VXLAN echo requests. The value range for UDP port numbers is 49152 to 65535. The default start UDP port number is 4789. If you do not specify an end UDP port number, the end UDP port number is the start UDP port number.

source-address lb-src-address: Specifies the source IPv4 address used for load balancing calculation.

destination-address lb-dest-address: Specifies the destination IPv4 address used for load balancing calculation.

protocol: Specifies the protocol used for load balancing calculation.

udp: Specifies UDP.

lb-protocol-id: Specifies a protocol number in the range of 1 to 255.

source-port lb-src-port: Specifies a source port number used for load balancing calculation, in the range of 1 to 65535.

destination-port lb-dest-port: Specifies a destination port number used for load balancing calculation, in the range of 1 to 65535.

source-mac lb-source-mac: Specifies a source MAC address used for load balancing calculation.

destination-mac lb-destination-mac: Specifies a destination MAC address used for load balancing calculation.

Usage guidelines

Use this command to locate failed nodes on the path for a VXLAN tunnel that has traffic loss or interruption issues in a VXLAN or EVPN VXLAN network.

Before you execute this command for a VXLAN tunnel, you must enable overlay OAM on the tunnel destination device by using the overlay oam enable command.

The VTEP can distribute VXLAN echo requests among multiple paths to the destination based on the source UDP port. When a VXLAN tunnel has multiple paths on the transport network, you can configure load sharing parameters to ensure accuracy of the test result. You can use one of the following methods to configure source UDP ports for VXLAN echo requests:

·     Specify a source UDP port range. The device will send VXLAN echo requests sourced from each UDP port in the UDP port range. You need to execute the ping vxlan command only once.

·     Specify load balancing parameters such as source and destination MAC addresses, source and destination IP addresses, and protocol for the VTEP to calculate a source UDP port number. You need to execute the ping vxlan command multiple times to test connectivity of all paths.

The load balancing parameters change only the source UDP port number of VXLAN echo requests. Other fields of the requests will not be changed.

Examples

# Trace the path for VXLAN 1 that is sourced from 11.11.11.11 and destined for 22.22.22.22.

<Sysname> tracert vxlan vxlan-id 1 tunnel-source 11.11.11.11 tunnel-destination 22.22.22.22

Tracert VXLAN: VXLAN ID 1 source 11.11.11.11 destination 22.22.22.22:

  TTL   Replier            Time    InBound                OutBound

  1     20.0.0.1           2 ms    HGE1/0/1               HGE1/0/2

  2     30.0.0.2           4 ms    HGE1/0/1               --

Table 12 Command output

Field	Description
TTL	Number of hops.
Replier	Node IP address.
Time	Response time in milliseconds.
InBound	Incoming interface for the VXLAN echo request.
OutBound	Outgoing interface for the VXLAN echo request.
Return code	Return code: ·     0—No return code. ·     1—Echo request error. ·     2—The VXLAN does not exist. ·     3—The VXLAN does not have up tunnels. The number in parentheses is a sub code fixed at 0.

 

Related commands

overlay oam enable

ping vxlan

tunnel

Use tunnel to assign VXLAN tunnels to a VXLAN.

Use undo tunnel to remove VXLAN tunnels from a VXLAN.

Syntax

tunnel { tunnel-number [ backup-tunnel tunnel-number | flooding-proxy ]| all }

undo tunnel { tunnel-number | all }

Default

A VXLAN does not contain VXLAN tunnels.

Views

VXLAN view

Predefined user roles

network-admin

Parameters

tunnel-number: Specifies a tunnel interface number. The tunnel must be an existing VXLAN tunnel.

backup-tunnel tunnel-number: Specifies a backup tunnel by its tunnel interface number. The tunnel must be an existing VXLAN tunnel.

flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, flood proxy is disabled on the tunnel.

all: Specifies all VXLAN tunnels.

Usage guidelines

This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. In unicast mode, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.

You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs.

To assign a pair of primary and backup VXLAN tunnels to the VXLAN, specify the backup-tunnel tunnel-number option. When the primary VXLAN tunnel is operating correctly, the backup VXLAN tunnel does not forward traffic. When the primary VXLAN tunnel goes down, traffic is switched to the backup VXLAN tunnel.

On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.

To change a flood proxy tunnel for a VXLAN, perform the following tasks:

·     Use the undo tunnel command to remove the flood proxy tunnel.

·     Use the tunnel command to enable flood proxy on another tunnel and assign the tunnel to the VXLAN.

If you assign VXLAN tunnels to a VXLAN one by one, you cannot remove all the VXLAN tunnels by using the undo tunnel all command.

If you assign all VXLAN tunnels to a VXLAN by using the tunnel all command, you cannot remove the VXLAN tunnels one by one. You can only use the undo tunnel all command to remove all the VXLAN tunnels.

As a best practice, use the tunnel all command only when batch VXLAN tunnel assignment is necessary.

Examples

# Assign VXLAN tunnels 1 and 2 to VXLAN 10000.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000] tunnel 1

[Sysname-vsi-vpna-vxlan-10000] tunnel 2

Related commands

display vxlan tunnel

tunnel global source-address

Use tunnel global source-address to specify a global source address for VXLAN tunnels.

Use undo tunnel global source-address to restore the default.

Syntax

tunnel global source-address ip-address

undo tunnel global source-address

Default

No global source address is specified for VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IP address.

Usage guidelines

A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.

The global source address takes effect only on VXLAN tunnels (VXLAN-DCI tunnels not included).

Examples

# Specify 1.1.1.1 as the global source address for VXLAN tunnels.

<Sysname> system-view

[Sysname] tunnel global source-address 1.1.1.1

vsi

Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.

Use undo vsi to delete a VSI.

Syntax

vsi vsi-name

undo vsi vsi-name

Default

No VSIs exist.

Views

System view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.

A VSI can provide services only for one VXLAN.

Examples

# Create VSI vxlan10 and enter VSI view.

<Sysname> system-view

[Sysname] vsi vxlan10

[Sysname-vsi-vxlan10]

Related commands

display l2vpn vsi

vxlan

Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.

Use undo vxlan to restore the default.

Syntax

vxlan vxlan-id

undo vxlan

Default

No VXLANs exist.

Views

VSI view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

Usage guidelines

You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.

Examples

# Create VXLAN 10000 for VSI vpna and enter VXLAN view.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000]

Related commands

vsi

vxlan invalid-udp-checksum discard

Use vxlan invalid-udp-checksum discard to enable the device to drop the VXLAN packets that fail UDP checksum check.

Use undo vxlan invalid-udp-checksum discard to restore the default.

Syntax

vxlan invalid-udp-checksum discard

undo vxlan invalid-udp-checksum discard

Default

The device does not check the UDP checksum of VXLAN packets.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to check the UDP checksum of VXLAN packets.

The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.

Examples

# Enable the device to drop the VXLAN packets that fail UDP checksum check.

<Sysname> system-view

[Sysname] vxlan invalid-udp-checksum discard

Related commands

vxlan invalid-vlan-tag discard

vxlan invalid-vlan-tag discard

Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header.

Use undo vxlan invalid-vlan-tag discard to restore the default.

Syntax

vxlan invalid-vlan-tag discard

undo vxlan invalid-vlan-tag discard

Default

The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If a remote VTEP uses the Ethernet access mode, its VXLAN packets might contain 802.1Q VLAN tags. To prevent the local VTEP from dropping the VXLAN packets, do not execute the vxlan invalid-vlan-tag discard command on the local VTEP.

To configure the access mode, use the xconnect vsi command.

Examples

# Enable the device to drop VXLAN packets that have 802.1Q VLAN tags.

<Sysname> system-view

[Sysname] vxlan invalid-vlan-tag discard

Related commands

vxlan invalid-udp-checksum discard

xconnect vsi

vxlan ip-forwarding

Use vxlan ip-forwarding to enable Layer 3 forwarding for all VXLANs.

Use undo vxlan ip-forwarding to enable Layer 2 forwarding for all VXLANs.

Syntax

vxlan ip-forwarding [ tagged | untagged ]

undo vxlan ip-forwarding

Default

Layer 3 forwarding is enabled for all VXLANs, and VXLAN packets do not carry VLAN tags.

Views.

System view

Predefined user roles

network-admin

Parameters

tagged: Specifies the tagged mode. In this mode, the VTEP adds a VLAN tag to a VXLAN packet.

untagged: Specifies the untagged mode. In this mode, the VTEP does not add a VLAN tag to a VXLAN packet.

Usage guidelines

If the device is a VTEP, enable Layer 2 forwarding for VXLANs. If the device is a VXLAN IP gateway, enable Layer 3 forwarding for VXLANs.

In Layer 3 forwarding mode, the VTEP uses the ARP table to forward traffic for VXLANs. In Layer 2 forwarding mode, the VTEP uses the MAC address table to forward traffic for VXLANs.

You must delete all VSIs, VSI interfaces, and VXLAN tunnel interfaces before you can change the forwarding mode.

If you enable Layer 3 forwarding for VXLANs, the tagging status of VXLAN packets is not determined by the link type of the outgoing interface. You must use this command to set the tagging mode of VXLAN packets.

·     Set the tagging mode to untagged if the following requirements are met:

¡     The link type of the outgoing interface is access, trunk, or hybrid.

¡     VXLAN packets are transmitted to the next hop through the PVID of the outgoing interface.

·     Set the tagging mode to tagged if the following requirements are met:

¡     The link type of the outgoing interface is trunk or hybrid.

¡     VXLAN packets are transmitted to the next hop through a VLAN other than the PVID of the outgoing interface.

If you do not set the tagging mode when you execute this command, the untagged mode is used.

You must delete all VXLAN tunnel interfaces before you can change the tagging mode of VXLAN packets.

Examples

# Enable Layer 3 forwarding for all VXLANs, and use the default tagging mode (untagged) for VXLAN packets.

<Sysname>system-view

[Sysname] vxlan ip-forwarding

vxlan local-mac report

Use vxlan local-mac report to enable local-MAC logging.

Use undo vxlan local-mac report to disable local-MAC logging.

Syntax

vxlan local-mac report

undo vxlan local-mac report

Default

Local-MAC logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When the local-MAC logging feature is enabled, the VXLAN module immediately sends a log message with its local MAC addresses to the information center. When a local MAC address is added or removed, a log message is also sent to the information center to notify the local-MAC change.

With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see System Management Configuration Guide.

Examples

# Enable local-MAC logging.

<Sysname> system-view

[Sysname] vxlan local-mac report

vxlan tunnel mac-learning disable

Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.

Use undo vxlan tunnel mac-learning disable to enable remote-MAC address learning.

Syntax

vxlan tunnel mac-learning disable

undo vxlan tunnel mac-learning disable

Default

Remote-MAC address learning is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.

Examples

# Disable remote-MAC address learning.

<Sysname> system-view

[Sysname] vxlan tunnel mac-learning disable

vxlan udp-port

Use vxlan udp-port to set the destination UDP port number for VXLAN packets.

Use undo vxlan udp-port to restore the default.

Syntax

vxlan udp-port port-number

undo vxlan udp-port

Default

The destination UDP port number is 4789 for VXLAN packets.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.

Usage guidelines

You must configure the same destination UDP port number on all VTEPs in a VXLAN.

After you modify the destination UDP port number for VXLAN packets, delete the ACLs used for matching VXLAN packets and then reconfigure the ACLs.

Examples

# Set the destination UDP port number to 6666 for VXLAN packets.

<Sysname> system-view

[Sysname] vxlan udp-port 6666

xconnect vsi

Use xconnect vsi to map an AC to a VSI.

Use undo xconnect vsi to restore the default.

Syntax

xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] [ track track-entry-number&<1-3> ]

undo xconnect vsi

Default

An AC is not mapped to any VSI.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

access-mode: Specifies an access mode. The default access mode is VLAN.

ethernet: Specifies the Ethernet access mode.

vlan: Specifies the VLAN access mode.

track track-entry-number&<1-3>: Specifies a space-separated list of up to three track entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.

Usage guidelines

To monitor the status of an AC, associate it with track entries.

To configure this command for an Ethernet service instance, you must first use the encapsulation command to add a traffic match criterion to the service instance.

For traffic that matches the Ethernet service instance, the system uses the VSI's MAC address table to make a forwarding decision.

The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.

·     VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.

¡     For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.

¡     For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.

In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.

·     Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.

¡     For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.

¡     For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.

In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.

Examples

# On HundredGigE 1/0/1, configure Ethernet service instance 200 to match frames with an outer 802.1Q VLAN tag of 200, and map the instance to VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] quit

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 200

[Sysname-HundredGigE1/0/1-srv200] encapsulation s-vid 200

[Sysname-HundredGigE1/0/1-srv200] xconnect vsi vpn1

Related commands

display l2vpn service-instance

encapsulation

vsi