- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-VXLAN commands | 132.84 KB |
VXLAN commands
The following compatibility matrixes show the support of hardware platforms for VXLAN:
Hardware platform |
Module type |
VXLAN compatibility |
M9006 M9010 M9014 |
Blade IV firewall module |
Yes |
Blade V firewall module |
Yes |
|
NAT module |
Yes |
|
Application delivery engine (ADE) module |
Yes |
|
Anomaly flow cleaner (AFC) module |
No |
|
M9010-GM |
Encryption module |
Yes |
M9016-V |
Blade V firewall module |
Yes |
M9008-S M9012-S |
Blade IV firewall module |
Yes |
Application delivery engine (ADE) module |
Yes |
|
Intrusion prevention service (IPS) module |
Yes |
|
Video network gateway module |
Yes |
|
Anomaly flow cleaner (AFC) module |
No |
|
M9008-S-6GW |
IPv6 module |
Yes |
M9008-S-V |
Blade IV firewall module |
Yes |
M9000-AI-E8 |
Blade V firewall module |
Yes |
Application delivery engine (ADE) module |
Yes |
|
M9000-AI-E16 |
Blade V firewall module |
Yes |
Basic VXLAN commands
description
Use description to configure a description for a VSI.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A VSI does not have a description.
Views
VSI view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 80 characters.
Examples
# Configure a description for VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] description vsi for vpn1
Related commands
display l2vpn vsi
display l2vpn interface
Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs.
Syntax
display l2vpn interface [ vsi vsi-name | interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
interface-type interface-number: Specifies an interface by its type and number.
verbose: Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.
Usage guidelines
If you do not specify any parameters, this command displays brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
Examples
# Display brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface
Total number of interfaces: 2, 1 up, 1 down
Interface Owner Link ID State Type
GE1/0/1 vxlan3 1 Up VSI
GE1/0/2 vxlan4 2 Down VSI
Table 1 Command output
Field |
Description |
Interface |
Layer 3 interface name. |
Owner |
VSI name. |
Link ID |
The interface's link ID on the VSI. |
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
# Display detailed L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface verbose
Interface: GE1/0/1
Owner : vsi1
Link ID : 0
State : Up
Type : VSI
Interface: GE1/0/2
Owner : vsi2
Link ID : 0
State : Down
Type : VSI
Table 2 Command output
Field |
Description |
Interface |
Layer 3 interface name. |
Owner |
VSI name. |
Link ID |
The interface's link ID on the VSI. |
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
Related commands
display l2vpn service-instance
display l2vpn mac-address
Use display l2vpn mac-address to display MAC address entries for VSIs.
Syntax
display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.
dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:
· Dynamic remote- and local-MAC entries.
VXLAN does not support static local-MAC entries.
count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.
Examples
# Display MAC address entries for all VSIs.
<Sysname> display l2vpn mac-address
MAC Address State VSI Name Link ID/Name Aging
0000-0000-000c Dynamic vpn1 Tunnel60 Aging
0000-0000-000d Dynamic vpn1 Tunnel99 Aging
--- 3 mac address(es) found ---
# Display the total number of MAC address entries in all VSIs.
<Sysname> display l2vpn mac-address count
3 mac address(es) found
Table 3 Command output
Field |
Description |
State |
Entry state: Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. |
Link ID/Name |
For a local MAC address, this field displays the AC's link ID on the VSI. For a remote MAC address, this field displays the tunnel interface name. |
Aging |
Entry aging state: · Aging. · NotAging. |
Related commands
reset l2vpn mac-address
display l2vpn service-instance
Use display l2vpn service-instance to display information about Ethernet service instances.
Syntax
display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.
service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified Layer 2 Ethernet interface or Layer 2 aggregate interface.
verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.
Examples
# Display brief information about all Ethernet service instances.
<Sysname> display l2vpn service-instance
Total number of service-instances: 4, 4 up, 0 down
Total number of ACs: 2, 2 up, 0 down
Interface SrvID Owner LinkID State Type
GE1/0/1 3 vsi12 1 Up VSI
GE1/0/1 4 vsi13 1 Up VSI
Table 4 Command output
Field |
Description |
Total number of ACs |
Total number of attachment circuits (ACs) and the number of ACs in each state (up or down). |
Interface |
Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. |
SrvID |
Ethernet service instance ID. |
Owner |
VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI. |
LinkID |
Ethernet service instance's link ID on the VSI. |
State |
Ethernet service instance state: · Up. · Down. |
Type |
L2VPN type of the Ethernet service instance: · VSI. · VPWS. |
# Display detailed information about all Ethernet service instances on GigabitEthernet 1/0/1.
<Sysname> display l2vpn service-instance interface gigabitethernet 1/0/1 verbose
Interface: GE1/0/1
Service Instance: 1
Encapsulation : s-vid 16
VSI Name : vsi10
Link ID : 1
State : Up
Table 5 Command output
Field |
Description |
Interface |
Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. |
Service Instance |
Ethernet service instance ID. |
Encapsulation |
Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain a match criterion, the command does not display this field. |
Link ID |
Ethernet service instance's link ID on the VSI. |
State |
Ethernet service instance state: · Up. · Down. |
Related commands
service-instance
display l2vpn vsi
Use display l2vpn vsi to display information about VSIs.
Syntax
display l2vpn vsi [ name vsi-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.
verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.
Examples
# Display brief information about all VSIs.
<Sysname> display l2vpn vsi
Total number of VSIs: 1, 1 up, 0 down, 0 admin down
VSI Name VSI Index MTU State
vpna 0 1500 Up
Table 6 Command output
Field |
Description |
MTU |
MTU on the VSI. |
State |
VSI state: · Up—The VSI is up. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command. |
# Display detailed information about all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy : Slave
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood Proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Enabled
ACs:
AC Link ID State
GE1/0/1 0 Up
Table 7 Command output
Field |
Description |
VSI Description |
Description of the VSI. If the VSI does not have a description, the command does not display this field. |
VSI State |
VSI state: · Up—The VSI is up. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command. |
MTU |
MTU on the VSI. |
Bandwidth |
This field is not supported in the current software version. Maximum bandwidth (in kbps) for known unicast traffic on the VSI. |
Broadcast Restrain |
This field is not supported in the current software version. Broadcast restraint bandwidth (in kbps). |
Multicast Restrain |
This field is not supported in the current software version. Multicast restraint bandwidth (in kbps). |
Unknown Unicast Restrain |
This field is not supported in the current software version. Unknown unicast restraint bandwidth (in kbps). |
MAC Learning |
State of the MAC learning feature. |
MAC Table Limit |
Maximum number of MAC address entries on the VSI. |
MAC Learning Rate |
This field is not supported in the current software version. MAC address entry learning rate of the VSI. |
Drop Unknown |
Action on source MAC-unknown frames received after the maximum number of MAC entries is reached. |
PW Redundancy |
PW redundancy mode: · Slave—Master/slave mode and the local PE operates as the slave node. · Master—Master/slave mode and the local PE operates as the master node. This field is not supported by a VXLAN network. |
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. This state is not supported in the current software version. · Down—The tunnel interface is down. |
Type |
Tunnel assignment method: Manual—The tunnel was manually assigned to the VXLAN. |
Flood Proxy |
Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Split horizon |
State of split horizon: · Enabled—Split horizon is enabled on the VXLAN tunnel. The VXLAN tunnel does not forward the traffic that is received on other VXLAN tunnels. · Disabled—Split horizon is disabled on the VXLAN tunnel. The VXLAN tunnel forwards the traffic that is received on other VXLAN tunnels. |
ACs |
ACs that are bound to the VSI. |
Link ID |
AC's link ID on the VSI. |
State |
AC state: · Up. · Down. |
display vxlan tunnel
Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.
Syntax
display vxlan tunnel [ vxlan-id vxlan-id [ tunnel tunnel-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
tunnel tunnel-number: Specifies a VXLAN tunnel. The tunnel-number argument represents the tunnel interface number. The value range for the tunnel-number argument is 0 to 65534. If you do not specify a VXLAN tunnel, this command displays information about all VXLAN tunnels associated with the specified VXLAN.
Examples
# Display VXLAN tunnel information for all VXLANs.
<Sysname> display vxlan tunnel
Total number of VXLANs: 1
VXLAN ID: 10, VSI name: vpna, Total tunnels: 3 (3 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Enabled
# Display VXLAN tunnel information for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10
VXLAN ID: 10, VSI name: vpna, Total tunnels: 3 (3 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Enabled
# Display information about VXLAN tunnel 0 for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10 tunnel 0
Interface: Tunnel0
Link ID : 0x5000000
State : Up
Type : Manual
Flood Proxy : Disabled
Split horizon : Enabled
Table 8 Command output
Field |
Description |
Link ID |
Tunnel's link ID in the VXLAN. |
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. This state is not supported in the current software version. · Down—The tunnel interface is down. |
Type |
Tunnel assignment method: Manual—The tunnel was manually assigned to the VXLAN. |
Flood proxy |
Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Split horizon |
State of split horizon: · Enabled—Split horizon is enabled on the VXLAN tunnel. The VXLAN tunnel does not forward the traffic that is received on other VXLAN tunnels. · Disabled—Split horizon is disabled on the VXLAN tunnel. The VXLAN tunnel forwards the traffic that is received on other VXLAN tunnels. |
Related commands
tunnel
vxlan
encapsulation
Use encapsulation to configure a frame match criterion for an Ethernet service instance.
Use undo encapsulation to restore the default.
Syntax
encapsulation s-vid vlan-id-list [ only-tagged ]
encapsulation { default | tagged | untagged }
undo encapsulation
Default
An Ethernet service instance does not contain a frame match criterion.
Views
Ethernet service instance view
Predefined user roles
network-admin
context-admin
Parameters
s-vid: Matches frames that are tagged with the specified outer 802.1Q VLAN IDs.
vlan-id: Specifies an 802.1Q VLAN ID in the range of 1 to 4094.
vlan-id-list: Specifies a space-separated list of up to eight VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the format of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.
only-tagged: Matches tagged frames. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.
· To match only PVID-tagged frames, specify the only-tagged keyword.
· To match both untagged frames and PVID-tagged frames, do not specify the only-tagged keyword.
default: Matches frames that do not match any other Ethernet service instance on the interface. On an interface, you can configure this criterion only in one Ethernet service instance. The Ethernet service instance matches any frames if it is the only instance on the interface.
tagged: Matches any frames that have an 802.1Q VLAN tag.
untagged: Matches any frames that do not have an 802.1Q VLAN tag.
Usage guidelines
An Ethernet service instance can contain only one match criterion. To change the match criterion, first execute the undo encapsulation command to remove the original criterion. When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.
Examples
# Configure Ethernet service instance 1 on GigabitEthernet 1/0/1 to match frames that have an outer 802.1Q VLAN ID of 111.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] service-instance 1
[Sysname-GigabitEthernet1/0/1-srv1] encapsulation s-vid 111
Related commands
display l2vpn service-instance
l2vpn enable
Use l2vpn enable to enable L2VPN.
Use undo l2vpn enable to disable L2VPN.
Syntax
l2vpn enable
undo l2vpn enable
Default
L2VPN is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
You must enable L2VPN before you can configure L2VPN settings.
Examples
# Enable L2VPN.
<Sysname> system-view
[Sysname] l2vpn enable
mtu
Use mtu to set the MTU for a VSI.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The default MTU of a VSI is 1500 bytes.
Views
VSI view
Predefined user roles
network-admin
context-admin
Parameters
size: Specifies an MTU value. The value range for this argument is 300 to 65535.
Usage guidelines
The MTU set by using this command limits the maximum length of the packets that a VSI receives from ACs and forwards through VXLAN tunnels. The MTU does not limit the maximum length of other packets in the VXLAN VSI.
Fragmentation is disabled for a VSI that uses the default MTU. If you set a MTU for a VSI, the packets longer than the MTU are fragmented.
Examples
# Set the MTU to 1400 bytes for VSI vxlan1.
<Sysname> system-view
[Sysname] vsi vxlan1
[Sysname-vsi-vxlan1] mtu 1400
Related commands
display l2vpn vsi
reset l2vpn mac-address
Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.
Syntax
reset l2vpn mac-address [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.
Usage guidelines
Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.
Examples
# Clear the dynamic MAC address entries on VSI vpn1.
<Sysname> reset l2vpn mac-address vsi vpn1
Related commands
display l2vpn mac-address vsi
service-instance
Use service-instance to create an Ethernet service instance and enter its view, or enter the view of an existing Ethernet service instance.
Use undo service-instance to delete an Ethernet service instance.
Syntax
service-instance instance-id
undo service-instance instance-id
Default
No Ethernet service instances exist.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
context-admin
Parameters
instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.
Examples
# On Layer 2 Ethernet interface GigabitEthernet 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] service-instance 1
[Sysname-GigabitEthernet1/0/1-srv1]
Related commands
display l2vpn service-instance
shutdown
Use shutdown to shut down a VSI.
Use undo shutdown to bring up a VSI.
Syntax
shutdown
undo shutdown
Default
VSIs are not manually shut down.
Views
VSI view
Predefined user roles
network-admin
context-admin
Usage guidelines
Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.
Examples
# Shut down VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] shutdown
Related commands
display l2vpn vsi
tunnel
Use tunnel to assign a VXLAN tunnel to a VXLAN.
Use undo tunnel to remove a VXLAN tunnel from a VXLAN.
Syntax
tunnel tunnel-number [ flooding-proxy ]
undo tunnel tunnel-number
Default
A VXLAN does not contain VXLAN tunnels.
Views
VXLAN view
Predefined user roles
network-admin
context-admin
Parameters
tunnel-number: Specifies a tunnel interface number. The value range for this argument is 0 to 1023. The tunnel must be a VXLAN tunnel.
flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, flood proxy is disabled on the tunnel.
Usage guidelines
This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. In unicast mode, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.
You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs.
On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.
To modify the flood proxy setting on a VXLAN tunnel, you must first use the undo tunnel command to remove the tunnel.
Examples
# Assign VXLAN tunnels 1 and 2 to VXLAN 10000.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000] tunnel 1
[Sysname-vsi-vpna-vxlan-10000] tunnel 2
Related commands
display vxlan tunnel
tunnel global source-address
Use tunnel global source-address to specify a global source address for VXLAN tunnels.
Use undo tunnel global source-address to restore the default.
Syntax
tunnel global source-address ip-address
undo tunnel global source-address
Default
No global source address is specified for VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
ip-address: Specifies an IP address.
Usage guidelines
A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.
The global source address takes effect only on VXLAN tunnels.
Examples
# Specify 1.1.1.1 as the global source address for VXLAN tunnels.
<Sysname> system-view
[Sysname] tunnel global source-address 1.1.1.1
vsi
Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.
Use undo vsi to delete a VSI.
Syntax
vsi vsi-name
undo vsi vsi-name
Default
No VSIs exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
A VSI can provide services only for one VXLAN.
Examples
# Create VSI vxlan10 and enter VSI view.
<Sysname> system-view
[Sysname] vsi vxlan10
[Sysname-vsi-vxlan10]
Related commands
display l2vpn vsi
vxlan
Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.
Use undo vxlan to restore the default.
Syntax
vxlan vxlan-id
undo vxlan
Default
No VXLANs exist.
Views
VSI view
Predefined user roles
network-admin
context-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.
Examples
# Create VXLAN 10000 for VSI vpna and enter VXLAN view.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000]
Related commands
vsi
vxlan fast-forwarding enable
Use vxlan fast-forwarding enable to enable VXLAN fast forwarding.
Use undo vxlan fast-forwarding enable to disable VXLAN fast forwarding.
Syntax
vxlan fast-forwarding enable
undo vxlan fast-forwarding enable
Default
VXLAN fast forwarding is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
VXLAN fast forwarding enables the device to bypass QoS and security services when the device forwards data traffic over VXLAN tunnels based on the software. As a best practice, enable this feature to improve forwarding speed only when QoS and security services are not configured on the following interfaces:
· VSI interfaces.
· Traffic outgoing interfaces for VXLAN tunnels.
When VXLAN fast forwarding is enabled, a VXLAN tunnel cannot use ECMP routes to load share traffic. Instead, it selects one route from the ECMP routes to forward VXLAN packets.
Examples
# Enable VXLAN fast forwarding.
<Sysname> system
[Sysname] vxlan fast-forwarding enable
vxlan invalid-udp-checksum discard
Use vxlan invalid-udp-checksum discard to enable the device to drop the VXLAN packets that fail UDP checksum check.
Use undo vxlan invalid-udp-checksum discard to restore the default.
Syntax
vxlan invalid-udp-checksum discard
undo vxlan invalid-udp-checksum discard
Default
The device does not check the UDP checksum of VXLAN packets.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
This command enables the device to check the UDP checksum of VXLAN packets.
The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.
Examples
# Enable the device to drop the VXLAN packets that fail UDP checksum check.
<Sysname> system-view
[Sysname] vxlan invalid-udp-checksum discard
vxlan udp-port
Use vxlan udp-port to set the destination UDP port number for VXLAN packets.
Use undo vxlan udp-port to restore the default.
Syntax
vxlan udp-port port-number
undo vxlan udp-port
Default
The destination UDP port number is 4789 for VXLAN packets.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Usage guidelines
You must configure the same destination UDP port number on all VTEPs in a VXLAN.
Examples
# Set the destination UDP port number to 6666 for VXLAN packets.
<Sysname> system-view
[Sysname] vxlan udp-port 6666
xconnect vsi
Use xconnect vsi to map an AC to a VSI.
Use undo xconnect vsi to restore the default.
Syntax
xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] [ track track-entry-number&<1-3> ]
undo xconnect vsi
Default
An AC is not mapped to any VSI.
Views
Ethernet service instance view
Interface view
Predefined user roles
network-admin
context-admin
Parameters
vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
access-mode: Specifies an access mode. If the AC is an Ethernet service instance or Layer 3 subinterface, you can specify this keyword. The default access mode is VLAN. If the AC is a Layer 3 interface, you cannot specify this keyword.
ethernet: Specifies the Ethernet access mode.
vlan: Specifies the VLAN access mode.
track track-entry-number&<1-3>: Specifies a space-separated list of up to three track entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.
Usage guidelines
For traffic that matches a Layer 3 interface, the system uses the VSI's MAC address table to make a forwarding decision.
For traffic that matches an Ethernet service instance on an interface, the system uses the VSI's MAC address table to make a forwarding decision.
To execute this command for an Ethernet service instance, you must first use the encapsulation command to add a traffic match criterion to the service instance.
The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.
· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.
¡ For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.
¡ For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.
In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.
· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.
¡ For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.
¡ For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.
In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.
After you modify the access mode on a Layer 3 subinterface AC, local VMs that access the VXLAN network through the subinterface cannot communicate with remote VMs. To resolve this issue, you must clear the ARP entries on the local VMs or configure them to periodically send gratuitous ARP packets.
Examples
# Map GigabitEthernet 1/0/1 to VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] quit
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] xconnect vsi vpn1
Related commands
display l2vpn interface
display l2vpn service-instance
encapsulation
vsi