- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Basic VXLAN commands | 140.29 KB |
Basic VXLAN commands
The device does not support VXLAN-DCI or EVPN-DCI.
arp suppression enable
Use arp suppression enable to enable ARP flood suppression.
Use undo arp suppression enable to disable ARP flood suppression.
Syntax
arp suppression enable
undo arp suppression enable
Default
ARP flood suppression is disabled.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.
This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Examples
# Enable ARP flood suppression for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] arp suppression enable
Related commands
display arp suppression vsi
reset arp suppression vsi
description
Use description to configure a description for a VSI.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A VSI does not have a description.
Views
VSI view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 80 characters.
Examples
# Configure a description for VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] description vsi for vpn1
Related commands
display l2vpn vsi
display arp suppression vsi
Use display arp suppression vsi to display ARP flood suppression entries.
Syntax
display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU.
count: Displays the number of ARP flood suppression entries that match the command.
Examples
# Display ARP flood suppression entries.
<Sysname> display arp suppression vsi
IP address MAC address VSI name Link ID Aging(min)
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# Display the number of ARP flood suppression entries.
<Sysname> display arp suppression vsi count
Total entries: 3
Table 1 Command output
Field |
Description |
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
Aging |
Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted. |
Related commands
arp suppression enable
reset arp suppression vsi
display l2vpn interface
Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs.
Syntax
display l2vpn interface [ vsi vsi-name | interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
interface-type interface-number: Specifies an interface by its type and number.
verbose: Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.
Usage guidelines
If you do not specify any parameters, this command displays brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
Examples
# Display brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface
Total number of interfaces: 2, 1 up, 1 down
Interface Owner Link ID State Type
GE1/0/1 vxlan3 1 Up VSI
GE1/0/2 vxlan4 2 Down VSI
Table 2 Command output
Field |
Description |
Interface |
Layer 3 interface name. |
Owner |
VSI name. |
Link ID |
The interface's link ID on the VSI. |
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
# Display detailed L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface verbose
Interface: GE0/0/1
Owner : vsi1
Link ID : 0
State : Up
Type : VSI
Statistics : Enabled
Input Statistics:
Octets :994496
Packets :15539
Output Statistics:
Octets :0
Packets :0
Interface: GE0/0/2
Owner : vsi2
Link ID : 0
State : Down
Type : VSI
Statistics : Enabled
Input Statistics:
Octets :0
Packets :0
Output Statistics:
Octets :0
Packets :0
Table 3 Command output
Field |
Description |
Interface |
Layer 3 interface name. |
Owner |
VSI name. |
Link ID |
The interface's link ID on the VSI. |
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the interface. · Disabled—The packet statistics feature is disabled for the interface. |
Input Statistics |
Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. |
Output Statistics |
Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. |
display l2vpn mac-address
Use display l2vpn mac-address to display MAC address entries for VSIs.
Syntax
display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.
dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:
· Dynamic remote- and local-MAC entries.
· Remote-MAC entries advertised through BGP EVPN.
· Manually added static remote- and local-MAC entries.
· Remote-MAC entries issued through OpenFlow.
count: Displays the number of MAC address entries.
verbose: Displays detailed information about MAC address entries.
Usage guidelines
If you do not specify the count or verbose keyword, this command displays brief information about MAC address entries.
Examples
# Display brief information about MAC address entries for all VSIs.
<Sysname> display l2vpn mac-address
MAC Address State VSI Name Link ID/Name Aging
0000-0000-000b Static vpn1 Tunnel10 NotAging
0000-0000-000c Dynamic vpn1 Tunnel60 Aging
0000-0000-000d Dynamic vpn1 Tunnel99 Aging
--- 3 mac address(es) found ---
# Display the total number of MAC address entries in all VSIs.
<Sysname> display l2vpn mac-address count
3 mac address(es) found
Table 4 Command output
Field |
Description |
State |
Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static local- and remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. |
Link ID/Name |
For a local MAC address, this field displays the interface name. For a remote MAC address, this field displays the tunnel interface name. |
Aging |
Entry aging state: · Aging. · NotAging. |
# Display detailed information about MAC address entries for all VSIs.
<Sysname> display l2vpn mac-address verbose
MAC Address : 0000-0000-000b
VSI Name : vpn1
VXLAN ID : 123
Interface : GE0/0/1
Link ID : 1
State : Dynamic
Aging : Aging
Table 5 Command output
Field |
Description |
Interface |
For a local MAC address, this field displays the interface name. For a remote MAC address, this field displays the tunnel interface name. |
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
State |
Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static local- or remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. |
Aging |
Entry aging state: · Aging. · NotAging. |
Related commands
reset l2vpn mac-address
display l2vpn vsi
Use display l2vpn vsi to display information about VSIs.
Syntax
display l2vpn vsi [ name vsi-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.
verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.
Examples
# Display brief information about all VSIs.
<Sysname> display l2vpn vsi
Total number of VSIs: 1, 0 up, 1 down, 0 admin down
VSI Name VSI Index State
vpna 0 Down
Table 6 Command output
Field |
Description |
State |
VSI state: · Up—The VSI is up. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command. |
# Display detailed information about all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : -
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : -
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Enabled
Input statistics :
Octets : 0
Packets : 0
Errors : 0
Discards : 0
Output statistics:
Octets : 0
Packets : 0
Errors : 0
Discards : 0
Gateway Interface : VSI-interface 100
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
ACs:
AC Link ID State Type
GE1/0/1 0 Up Manual
Table 7 Command output
Field |
Description |
VSI Description |
Description of the VSI. If the VSI does not have a description, the command does not display this field. |
VSI State |
VSI state: · Up—The VSI is up. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command. |
MTU |
MTU on the VSI. |
Bandwidth |
Bandwidth limit in kbps. If no bandwidth limit is set for the VSI, Unlimited is displayed. |
Broadcast Restrain |
Broadcast restraint bandwidth (in kbps). If the broadcast restraint bandwidth is not set, Unlimited is displayed. |
Multicast Restrain |
Multicast restraint bandwidth (in kbps). If the multicast restraint bandwidth is not set, Unlimited is displayed. |
Unknown Unicast Restrain |
Unknown unicast restraint bandwidth (in kbps). If the unknown unicast restraint bandwidth is not set, Unlimited is displayed. |
MAC Learning |
State of the MAC learning feature. |
MAC Table Limit |
Maximum number of MAC address entries on the VSI. |
Drop Unknown |
Action on source MAC-unknown frames received after the maximum number of MAC entries is reached. |
Flooding |
State of the VSI's flooding feature: · Enabled—Flooding is enabled on the VSI. · Disabled—Flooding is disabled on the VSI. |
Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the VSI. · Disabled—The packet statistics feature is disabled for the VSI. |
Input statistics |
Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of discarded packets. |
Output statistics |
Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of discarded packets. |
Gateway Interface |
VSI interface name. |
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. · Down—The tunnel interface is down. |
Type |
Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ For an EVPN network, VXLAN tunnels are automatically assigned to VXLANs. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
Flood proxy |
Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
ACs |
ACs that are bound to the VSI. |
Link ID |
AC's link ID on the VSI. |
State |
AC state: · Up. · Down. |
Type |
Type and traffic match mode of the AC. Manual represents a static AC in VLAN-based traffic match mode. |
display vxlan tunnel
Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.
Syntax
display vxlan tunnel [ vxlan-id vxlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
Examples
# Display VXLAN tunnel information for all VXLANs.
<Sysname> display vxlan tunnel
Total number of VXLANs: 1
VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
# Display VXLAN tunnel information for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10
VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
Table 8 Command output
Field |
Description |
Link ID |
Tunnel's link ID in the VXLAN. |
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. · Down—The tunnel interface is down. |
Type |
Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ For an EVPN network, VXLAN tunnels are automatically assigned to VXLANs. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
Flood proxy |
Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Related commands
tunnel
vxlan
flooding disable (VSI view)
Use flooding disable to disable flooding for a VSI.
Use undo flooding disable to enable flooding for a VSI.
Syntax
flooding disable { all | { broadcast | unknown-multicast | unknown-unicast } * } [ all-direction ]
undo flooding disable
Default
Flooding is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
all: Specifies broadcast, unknown unicast, and unknown multicast traffic.
broadcast: Specifies broadcast traffic.
unknown-multicast: Specifies unknown multicast traffic.
unknown-unicast: Specifies unknown unicast traffic.
all-direction: Disables flooding traffic received from an AC, VXLAN tunnel interface, or PW to any other ACs and VXLAN tunnel interfaces or PWs of the same VSI. If you do not specify this keyword, the command only disables flooding traffic received from ACs to VXLAN tunnel interfaces or PWs of the VSI.
Usage guidelines
By default, the device floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN:
· All site-facing interfaces except for the incoming interface.
· All VXLAN tunnel interfaces.
When receiving broadcast, unknown unicast, and unknown multicast frames on VXLAN tunnel interfaces, the device floods the frames to all site-facing interfaces in the frames' VXLAN.
To confine a kind of flood traffic, use this command to disable flooding for that kind of flood traffic on the VSI bound to the VXLAN.
You cannot specify the unknown-multicast or unknown-unicast keyword alone. If you specify one of the keywords, you must also specify the other.
Examples
# Disable flooding of local broadcast traffic to remote sites for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] flooding disable broadcast
l2vpn enable
Use l2vpn enable to enable L2VPN.
Use undo l2vpn enable to disable L2VPN.
Syntax
l2vpn enable
undo l2vpn enable
Default
L2VPN is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable L2VPN before you can configure L2VPN settings.
Examples
# Enable L2VPN.
<Sysname> system-view
[Sysname] l2vpn enable
mac-address static vsi
Use mac-address static vsi to add a static MAC address entry for a VXLAN VSI.
Use undo mac-address static vsi to remove a static MAC address entry for a VXLAN VSI.
Syntax
mac-address static mac-address interface tunnel tunnel-number vsi vsi-name
undo mac-address static [ mac-address ] interface tunnel tunnel-number vsi vsi-name
Default
VXLAN VSIs do not have static MAC address entries.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
interface tunnel tunnel-number: Specifies a VXLAN tunnel interface by its tunnel interface number. The tunnel interface must already exist. This option applies to remote MAC addresses.
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A remote MAC address is the MAC address of a VM in a remote site. Remote MAC entries include manually added MAC entries, dynamically learned MAC entries, and MAC entries advertised through BGP EVPN.
When you add a remote MAC address entry, make sure the VSI's VXLAN has been specified on the VXLAN tunnel.
Do not configure static remote-MAC entries for tunnels that are automatically established by using EVPN.
· EVPN re-establishes tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.
· EVPN re-establishes tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.
The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.
Examples
# Add MAC address 000f-e201-0101 to VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1
Related commands
vxlan tunnel mac-learning disable
reserved vxlan
Use reserved vxlan to specify a reserved VXLAN.
Use undo reserved vxlan to restore the default.
Syntax
reserved vxlan vxlan-id
undo reserved vxlan
Default
No VXLAN has been reserved.
Views
System view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can specify only one reserved VXLAN on the VTEP. The reserved VXLAN cannot be the VXLAN created on any VSI.
The reserved VXLAN ID cannot be the same as the remote VXLAN ID specified by using the mapping vni command.
Examples
# Specify VXLAN 10000 as the reserved VXLAN.
<Sysname> system-view
[Sysname] reserved vxlan 10000
Related commands
mapping vni (EVPN Command Reference)
reset arp suppression vsi
Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.
Syntax
reset arp suppression vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.
Examples
# Clear ARP flood suppression entries on all VSIs.
<Sysname> reset arp suppression vsi
This command will delete all entries. Continue? [Y/N]:y
Related commands
arp suppression enable
display arp suppression vsi
reset l2vpn mac-address
Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.
Syntax
reset l2vpn mac-address [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.
Usage guidelines
Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.
Examples
# Clear the dynamic MAC address entries on VSI vpn1.
<Sysname> reset l2vpn mac-address vsi vpn1
Related commands
display l2vpn mac-address vsi
selective-flooding mac-address
Use selective-flooding mac-address to enable selective flood for a MAC address.
Use undo selective-flooding mac-address to disable selective flood for a MAC address.
Syntax
selective-flooding mac-address mac-address
undo selective-flooding mac-address mac-address
Default
Selective flood is disabled for all MAC addresses.
Views
VSI view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address. The MAC address cannot be all Fs.
Usage guidelines
This command excludes a remote unicast or multicast MAC address from the remote flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when floods are confined to the local site.
Examples
# Enable selective flood for 000f-e201-0101 on VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101
Related commands
flooding disable (VSI view)
shutdown
Use shutdown to shut down a VSI.
Use undo shutdown to bring up a VSI.
Syntax
shutdown
undo shutdown
Default
VSIs are up.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.
Examples
# Shut down VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] shutdown
Related commands
display l2vpn vsi
tunnel
Use tunnel to assign VXLAN tunnels to a VXLAN.
Use undo tunnel to remove VXLAN tunnels from a VXLAN.
Syntax
tunnel { tunnel-number [ backup-tunnel tunnel-number | flooding-proxy ] | all }
undo tunnel { tunnel-number | all }
Default
A VXLAN does not contain VXLAN tunnels.
Views
VXLAN view
Predefined user roles
network-admin
Parameters
tunnel-number: Specifies a tunnel interface number. The value range for this argument is 0 to 10239.The tunnel must be a VXLAN tunnel.
backup-tunnel tunnel-number: Specifies a backup tunnel by its tunnel interface number. The value range for the tunnel-number argument is 0 to 10239.The tunnel must be a VXLAN tunnel.
flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, flood proxy is disabled on the tunnel.
all: Specifies all VXLAN tunnels.
Usage guidelines
This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. In unicast mode, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.
You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs.
To assign a pair of primary and backup VXLAN tunnels to the VXLAN, specify the backup-tunnel tunnel-number option. When the primary VXLAN tunnel is operating correctly, the backup VXLAN tunnel does not forward traffic. When the primary VXLAN tunnel goes down, traffic is switched to the backup VXLAN tunnel.
On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.
To change a flood proxy tunnel for a VXLAN, perform the following tasks:
· Use the undo tunnel command to remove the flood proxy tunnel.
· Use the tunnel command to enable flood proxy on another tunnel and assign the tunnel to the VXLAN.
If you assign VXLAN tunnels to a VXLAN one by one, you cannot remove all the VXLAN tunnels by using the undo tunnel all command.
If you assign all VXLAN tunnels to a VXLAN by using the tunnel all command, you cannot remove the VXLAN tunnels one by one. You can only use the undo tunnel all command to remove all the VXLAN tunnels.
As a best practice, use the tunnel all command only when batch VXLAN tunnel assignment is necessary.
Examples
# Assign VXLAN tunnels 1 and 2 to VXLAN 10000.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000] tunnel 1
[Sysname-vsi-vpna-vxlan-10000] tunnel 2
Related commands
display vxlan tunnel
tunnel bfd enable
Use tunnel bfd enable to enable BFD on a VXLAN tunnel interface.
Use undo tunnel bfd enable to disable BFD on a VXLAN tunnel interface.
Syntax
tunnel bfd enable destination-mac mac-address
undo tunnel bfd enable
Default
BFD is disabled on a VXLAN tunnel interface.
Views
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
destination-mac mac-address: Specifies a destination MAC address in H-H-H format for BFD control packets. The MAC address can be a remote VTEP address or a multicast address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
Usage guidelines
Enable BFD on both ends of a VXLAN tunnel for quick link connectivity detection. The VTEPs periodically send BFD single-hop control packets to each other through the VXLAN tunnel. A VTEP sets the tunnel state to Defect if it has not received control packets from the remote end for 5 seconds. In this situation, the tunnel interface state is still Up. The tunnel state will change from Defect to Up if the VTEP can receive BFD control packets again.
For BFD sessions to come up, you must reserve a VXLAN by using the reserved vxlan command.
Examples
# Enable BFD on VXLAN tunnel interface Tunnel 9, and specify 1-1-1 as the destination MAC address for BFD control packets.
<Sysname> system-view
[Sysname] interface tunnel 9 mode vxlan
[Sysname-Tunnel9] tunnel bfd enable destination-mac 1-1-1
vsi
Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.
Use undo vsi to delete a VSI.
Syntax
vsi vsi-name
undo vsi vsi-name
Default
No VSIs exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
A VSI can provide services only for one VXLAN.
Examples
# Create VSI vxlan10 and enter VSI view.
<Sysname> system-view
[Sysname] vsi vxlan10
[Sysname-vsi-vxlan10]
Related commands
display l2vpn vsi
vxlan
Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.
Use undo vxlan to restore the default.
Syntax
vxlan vxlan-id
undo vxlan
Default
No VXLANs exist.
Views
VSI view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.
Examples
# Create VXLAN 10000 for VSI vpna and enter VXLAN view.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000]
Related commands
vsi
vxlan local-mac report
Use vxlan local-mac report to enable local-MAC logging.
Use undo vxlan local-mac report to disable local-MAC logging.
Syntax
vxlan local-mac report
undo vxlan local-mac report
Default
Local-MAC logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When the local-MAC logging feature is enabled, the VXLAN module immediately sends a log message with its local MAC addresses to the information center. When a local MAC address is added or removed, a log message is also sent to the information center to notify the local-MAC change.
With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see System Management Configuration Guide.
Examples
# Enable local-MAC logging.
<Sysname> system-view
[Sysname] vxlan local-mac report
vxlan tunnel mac-learning disable
Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.
Use undo vxlan tunnel mac-learning disable to enable remote-MAC address learning.
Syntax
vxlan tunnel mac-learning disable
undo vxlan tunnel mac-learning disable
Default
Remote-MAC address learning is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.
Examples
# Disable remote-MAC address learning.
<Sysname> system-view
[Sysname] vxlan tunnel mac-learning disable
vxlan udp-port
Use vxlan udp-port to set the destination UDP port number for VXLAN packets.
Use undo vxlan udp-port to restore the default.
Syntax
vxlan udp-port port-number
undo vxlan udp-port
Default
The destination UDP port number is 4789 for VXLAN packets.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Usage guidelines
You must configure the same destination UDP port number on all VTEPs in a VXLAN.
Examples
# Set the destination UDP port number to 6666 for VXLAN packets.
<Sysname> system-view
[Sysname] vxlan udp-port 6666
xconnect vsi
Use xconnect vsi to map an AC to a VSI.
Use undo xconnect vsi to restore the default.
Syntax
xconnect vsi vsi-name [ access-mode { ethernet | vlan } ]
undo xconnect vsi
Default
An AC is not mapped to any VSI.
Views
Interface view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
access-mode: Specifies an access mode. The default access mode is VLAN.
ethernet: Specifies the Ethernet access mode.
vlan: Specifies the VLAN access mode.
Usage guidelines
For traffic that matches an AC of a VSI, the system uses the VSI's MAC address table to make a forwarding decision.
The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.
· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.
¡ For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.
¡ For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.
In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.
· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.
¡ For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.
¡ For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.
In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.
Examples
# Map GigabitEthernet 0/0/1 to VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] quit
[Sysname] interface gigabitethernet 0/0/1
[Sysname-GigabitEthernet0/0/1] xconnect vsi vpn1
Related commands
display l2vpn interface
encapsulation
vsi