Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Text | 369.19 KB |
selective-flooding mac-address
vxlan invalid-udp-checksum discard
vxlan invalid-vlan-tag discard
vxlan tunnel mac-learning disable
display interface vsi-interface
reset counters interface vsi-interface
vxlan tunnel arp-learning disable
display vxlan neighbor-discovery client member
display vxlan neighbor-discovery client statistics
display vxlan neighbor-discovery client summary
display vxlan neighbor-discovery server member
display vxlan neighbor-discovery server statistics
display vxlan neighbor-discovery server summary
vxlan neighbor-discovery authentication
vxlan neighbor-discovery client enable
vxlan neighbor-discovery client register-interval
vxlan neighbor-discovery server enable
display vxlan isis graceful-restart status
display vxlan isis remote-host
display vxlan isis remote-vxlan
overlay isis timer holding-multiplier
VXLAN commands
The following matrix shows the feature and hardware compatibility:
|
Hardware |
VXLAN compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
|
MSR810-LMS/810-LUS |
No |
|
MSR2600-6-X1/2600-10-X1 |
Yes |
|
MSR 2630 |
Yes |
|
MSR3600-28/3600-51 |
Yes |
|
MSR3600-28-SI/3600-51-SI |
No |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
|
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
|
MSR5620/5660/5680 |
Yes |
|
Hardware |
VXLAN compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR2600-6-X1-GL |
Yes |
|
MSR3600-28-SI-GL |
No |
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/ 810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
IPv6-related parameters are not supported on the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/ 810-LMS/810-LUS.
· MSR3600-28-SI/3600-51-SI.
Basic VXLAN commands
arp suppression enable
Use arp suppression enable to enable ARP flood suppression.
Use undo arp suppression enable to disable ARP flood suppression.
Syntax
arp suppression enable
undo arp suppression enable
Default
ARP flood suppression is disabled.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.
This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Examples
# Enable ARP flood suppression for the VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] arp suppression enable
Related commands
display arp suppression vsi
reset arp suppression vsi
description
Use description to configure a description for a VSI.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A VSI does not have a description.
Views
VSI view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 80 characters.
Examples
# Configure a description for the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] description vsi for vpn1
Related commands
display l2vpn vsi
display arp suppression vsi
Use display arp suppression vsi to display ARP flood suppression entries.
Syntax
Centralized devices in standalone mode:
display arp suppression vsi [ name vsi-name ] [ count ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]
Distributed devices in IRF mode:
display arp suppression vsi [ name vsi-name ] [ chassis chassis-number slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays entries on the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the IRF member ID. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on the global active MPU. (Distributed devices in IRF mode.)
count: Displays the number of ARP flood suppression entries that match the command.
Examples
# (Centralized devices in standalone mode.) Display the ARP flood suppression entries for all VSIs.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# (Centralized devices in standalone mode.) Display the number of ARP flood suppression entries for all VSIs.
<Sysname> display arp suppression vsi count
Total entries: 3
# (Distributed devices in standalone mode.) Display the ARP flood suppression entries on the active MPU.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# (Distributed devices in standalone mode.) Display the number of ARP flood suppression entries on the active MPU.
<Sysname> display arp suppression vsi count
Total entries: 3
# (Centralized devices in IRF mode.) Display the ARP flood suppression entries on the master device.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# (Centralized devices in IRF mode.) Display the number of ARP flood suppression entries on the master device.
<Sysname> display arp suppression vsi count
Total entries: 3
# (Distributed devices in IRF mode.) Display the ARP flood suppression entries on the global active MPU.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# (Distributed devices in IRF mode.) Display the number of ARP flood suppression entries on the global active MPU.
<Sysname> display arp suppression vsi count
Total entries: 3
Table 1 Command output
|
Field |
Description |
|
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
|
Aging |
Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted. |
Related commands
arp suppression enable
reset arp suppression vsi
display l2vpn interface
Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs.
Syntax
display l2vpn interface [ vsi vsi-name | interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
interface-type interface-number: Specifies an interface by its type and number.
verbose: Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.
Usage guidelines
If you do not specify any parameters, this command displays brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
Examples
# Display brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface
Total number of interfaces: 2, 1 up, 1 down
Interface Owner Link ID State Type
GE1/0/1 vxlan3 1 Up VSI
GE1/0/2 vxlan4 2 Down VSI
Table 2 Command output
|
Field |
Description |
|
Interface |
Layer 3 interface name. |
|
Owner |
VSI name. |
|
Link ID |
The interface's link ID on the VSI. |
|
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
|
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
# Display detailed L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface verbose
Interface: GE1/0/1
Owner : vsi1
Link ID : 0
State : Up
Type : VSI
Interface: GE1/0/2
Owner : vsi2
Link ID : 0
State : Down
Type : VSI
Table 3 Command output
|
Field |
Description |
|
Interface |
Layer 3 interface name. |
|
Owner |
VSI name. |
|
Link ID |
The interface's link ID on the VSI. |
|
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
|
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
display l2vpn mac-address
Use display l2vpn mac-address to display MAC address entries for VSIs.
Syntax
display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.
dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:
· Dynamic remote- and local-MAC entries.
· Remote-MAC entries advertised through VXLAN IS-IS.
· Remote-MAC entries advertised through BGP EVPN.
· Manually added static remote-MAC entries.
· Remote-MAC entries issued through OpenFlow.
VXLAN does not support static local-MAC entries.
count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.
Examples
# Display MAC address entries for all VSIs.
<Sysname> display l2vpn mac-address
MAC Address State VSI Name Link ID/Name Aging
0000-0000-000a Dynamic vpn1 1 Aging
0000-0000-000b Static vpn1 Tunnel10 NotAging
0000-0000-000c Dynamic vpn1 Tunnel60 Aging
0000-0000-000d Dynamic vpn1 Tunnel99 Aging
--- 4 mac address(es) found ---
# Display the total number of MAC address entries in all VSIs.
<Sysname> display l2vpn mac-address count
4 mac address(es) found
Table 4 Command output
|
Field |
Description |
|
State |
Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static remote-MAC entry. · IS-IS—Remote-MAC entry advertised through VXLAN IS-IS. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. |
|
Link ID/Name |
For a local MAC address, this field displays the AC's link ID on the VSI. For a remote MAC address, this field displays the tunnel interface name. |
|
Aging |
Entry aging state: · Aging. · NotAging. |
Related commands
reset l2vpn mac-address
display l2vpn vsi
Use display l2vpn vsi to display information about VSIs.
Syntax
display l2vpn vsi [ name vsi-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.
verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.
Examples
# Display brief information about all VSIs.
<Sysname> display l2vpn vsi
Total number of VSIs: 1, 1 up, 0 down, 0 admin down
VSI Name VSI Index MTU State
vpna 0 1500 Up
Table 5 Command output
|
Field |
Description |
|
MTU |
MTU on the VSI. |
|
State |
VSI state: · Up—The VSI is up. A VSI is up only when its VXLAN has an up VXLAN tunnel and an up AC. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command. |
# Display detailed information about all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
Mac Learning rate : -
Drop Unknown : -
Flooding : Enabled
Gateway Interface : VSI-interface 100
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
ACs:
AC Link ID State
GE1/0/1 0 Up
Table 6 Command output
|
Field |
Description |
|
VSI Description |
Description of the VSI. If the VSI does not have a description, the command does not display this field. |
|
VSI State |
VSI state: · Up—The VSI is up. A VSI is up only when its VXLAN has an up VXLAN tunnel and an up AC. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command. |
|
MTU |
MTU on the VSI. |
|
Bandwidth |
Maximum bandwidth (in kbps) for known unicast traffic on the VSI. |
|
Broadcast Restrain |
Broadcast restraint bandwidth (in kbps). |
|
Multicast Restrain |
Multicast restraint bandwidth (in kbps). |
|
Unknown Unicast Restrain |
Unknown unicast restraint bandwidth (in kbps). |
|
MAC Learning |
State of the MAC learning feature. |
|
MAC Table Limit |
Maximum number of MAC address entries on the VSI. |
|
Mac Learning rate |
MAC address entry learning rate of the VSI. |
|
Drop Unknown |
Action on source MAC-unknown frames received after the maximum number of MAC entries is reached. |
|
Flooding |
State of the VSI's flooding feature: · Enabled—Flooding is enabled on the VSI. The VTEP floods unknown unicast frames to both local and remote sites. · Disabled—Flooding is disabled on the VSI. The VTEP floods unknown unicast frames only to local sites. |
|
Gateway Interface |
VSI interface name. |
|
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Down—The tunnel interface is down. |
|
Type |
Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ VXLAN IS-IS automatically assigned the tunnel to the VXLAN after VXLAN ID negotiation. ¡ For an EVPN network, VXLAN tunnels are automatically assigned to VXLANs. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
|
Flood proxy |
Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
|
ACs |
ACs that are bound to the VSI. |
|
Link ID |
AC's link ID on the VSI. |
|
State |
AC state: · Up. · Down. |
display vxlan tunnel
Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.
Syntax
display vxlan tunnel [ vxlan-id vxlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
Examples
# Display VXLAN tunnel information for all VXLANs.
<Sysname> display vxlan tunnel
Total number of VXLANs: 1
VXLAN ID: 10, VSI name: vpna, Total tunnels: 3 (3 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 Up Manual Disabled
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
# Display VXLAN tunnel information for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10
VXLAN ID: 10, VSI name: vpna, Total tunnels: 3 (3 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 Up Manual Disabled
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
Table 7 Command output
|
Field |
Description |
|
Link ID |
Tunnel's link ID in the VXLAN. |
|
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Down—The tunnel interface is down. |
|
Type |
Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ VXLAN IS-IS automatically assigned the tunnel to the VXLAN after VXLAN ID negotiation. ¡ For an EVPN network, VXLAN tunnels are automatically assigned to VXLANs. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
|
Flood proxy |
Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Related commands
negotiate-vni enable
tunnel
vxlan
flooding disable
Use flooding disable to disable flooding for a VSI.
Use undo flooding disable to enable flooding for a VSI.
Syntax
flooding disable
undo flooding disable
Default
Flooding is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
By default, the device floods unknown unicast frames received from the local site to the following interfaces in the frame's VXLAN:
· All site-facing interfaces except for the incoming interface.
· All VXLAN tunnel interfaces.
To confine unknown unicast traffic to the site-facing interfaces, use this command to disable flooding for the VSI bound to the VXLAN. The VSI will not flood unknown unicast frames to VXLAN tunnel interfaces.
Examples
# Disable flooding for the VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] flooding disable
l2vpn enable
Use l2vpn enable to enable L2VPN.
Use undo l2vpn enable to disable L2VPN.
Syntax
l2vpn enable
undo l2vpn enable
Default
L2VPN is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable L2VPN before you can configure L2VPN settings.
Examples
# Enable L2VPN.
<Sysname> system-view
[Sysname] l2vpn enable
l2vpn rewrite inbound tag
Use l2vpn rewrite inbound tag to configure the VLAN tag processing rule for incoming traffic.
Use undo l2vpn rewrite inbound to restore the default.
Syntax
l2vpn rewrite inbound tag { nest { c-vid vlan-id | s-vid vlan-id [ c-vid vlan-id ] } | remark 1-to-2 s-vid vlan-id c-vid vlan-id } [ symmetric ]
undo l2vpn rewrite inbound
Default
VLAN tags of incoming traffic are not processed.
Views
Layer 3 aggregate interface view
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
nest: Adds VLAN tags.
c-vid: Specifies an inner VLAN tag.
s-vid: Specifies an outer VLAN tag.
vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
remark: Maps VLAN tags.
1-to-2: Performs one-to-two mapping to replace the VLAN tag of single tagged packets with the specified outer and inner VLAN tags.
symmetric: Applies the reverse VLAN tag processing rule to outgoing traffic. If you do not specify this keyword, VLAN tags of outgoing traffic are not processed.
Usage guidelines
To modify the VLAN tag processing rule for incoming traffic, first execute the undo l2vpn rewrite inbound command to remove the existing rule, and then execute the l2vpn rewrite inbound command.
When you use this command, follow these restrictions:
· The l2vpn rewrite inbound tag nest s-vid vlan-id c-vid vlan-id command takes effect only on untagged packets.
· The l2vpn rewrite inbound tag remark 1-to-2 command takes effect only on single tagged packets.
Examples
# Configure Layer 3 Ethernet interface GigabitEthernet 1/0/1 to add outer VLAN tag 100 to incoming frames and remove outer VLAN tag 100 from outgoing frames.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] l2vpn rewrite inbound tag nest s-vid 100 symmetric
mac-address static
Use mac-address static to add a static remote-MAC address entry.
Use undo mac-address static to remove a static remote-MAC address entry.
Syntax
mac-address static mac-address interface tunnel tunnel-number vsi vsi-name
undo mac-address static [ mac-address ] [ interface tunnel tunnel-number ] vsi vsi-name
Default
VXLAN VSIs do not have static remote-MAC address entries.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a remote MAC address in H-H-H format. Do not specify a multicast MAC address, an all-Fs address, or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
interface tunnel tunnel-number: Specifies the VXLAN tunnel interface for the remote MAC address. The tunnel-number argument represents the tunnel interface number, in the range of 0 to 10239. The tunnel interface must already exist.
vsi vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A remote MAC address is the MAC address of a VM in a remote site.
Remote MAC entries include the following types:
· Static—Manually added MAC entries.
· Dynamic—MAC entries learned in the data plane from incoming traffic on VXLAN tunnels.
· IS-IS—MAC entry advertised through VXLAN IS-IS.
· EVPN—MAC entry advertised through BGP EVPN.
· OpenFlow—MAC entry issued by a remote controller through OpenFlow.
When you add a remote MAC address entry, make sure the VSI's VXLAN has been specified on the VXLAN tunnel.
Do not configure static remote-MAC entries for VXLAN tunnels that are automatically established by using ENDP or EVPN.
· ENDP or EVPN re-establishes VXLAN tunnels if the transport-facing interface goes down, and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.
· ENDP or EVPN re-establishes VXLAN tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.
The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.
Examples
# Add the MAC address 000f-e201-0101 to the VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1
Related commands
vxlan tunnel mac-learning disable
mtu
Use mtu to set the MTU for a VSI.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The default MTU of a VSI is 1500 bytes.
Views
VSI view
Predefined user roles
network-admin
Parameters
size: Specifies an MTU value in the range of 300 to 65535 bytes.
Usage guidelines
The MTU set by using this command limits the maximum length of the packets that a VSI receives from ACs and forwards through VXLAN tunnels. The MTU does not limit the maximum length of other packets.
Fragmentation is disabled for a VSI that uses the default MTU. If you set a MTU for a VSI, the packets longer than the MTU are fragmented.
Examples
# Set the MTU to 1400 bytes for VSI vxlan1.
<Sysname> system-view
[Sysname] vsi vxlan1
[Sysname-vsi-vxlan1] mtu 1400
Related commands
display l2vpn vsi
reset arp suppression vsi
Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.
Syntax
reset arp suppression vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.
Examples
# Clear ARP flood suppression entries on all VSIs.
<Sysname> reset arp suppression vsi
This command will delete all entries. Continue? [Y/N]:y
Related commands
arp suppression enable
display arp suppression vsi
reset l2vpn mac-address
Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.
Syntax
reset l2vpn mac-address [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.
Usage guidelines
Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.
Examples
# Clear the dynamic MAC address entries on the VSI vpn1.
<Sysname> reset l2vpn mac-address vsi vpn1
Related commands
display l2vpn mac-address vsi
selective-flooding mac-address
Use selective-flooding mac-address to enable selective flood for a MAC address.
Use undo selective-flooding mac-address to disable selective flood for a MAC address.
Syntax
selective-flooding mac-address mac-address
undo selective-flooding mac-address mac-address
Default
Selective flood is disabled for all MAC addresses.
Views
VSI view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address. The MAC address cannot be all Fs.
Usage guidelines
This command excludes a remote MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown-unicast floods are confined to the local site.
Examples
# Enable selective flood for 000f-e201-0101 on the VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101
Related commands
flooding disable
shutdown
Use shutdown to shut down a VSI.
Use undo shutdown to bring up a VSI.
Syntax
shutdown
undo shutdown
Default
VSIs are up.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.
Examples
# Shut down the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] shutdown
Related commands
display l2vpn vsi
tunnel
Use tunnel to assign a VXLAN tunnel to a VXLAN.
Use undo tunnel to remove a VXLAN tunnel from a VXLAN.
Syntax
tunnel tunnel-number [ flooding-proxy ]
undo tunnel tunnel-number
Default
A VXLAN does not contain VXLAN tunnels.
Views
VXLAN view
Predefined user roles
network-admin
Parameters
tunnel-number: Specifies a tunnel interface number. The tunnel must be a VXLAN tunnel. The following matrix shows the value range for the tunnel-number argument:
|
Hardware |
Value range |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
0 to 10239 |
|
MSR810-LMS/810-LUS |
0 to 1023 |
|
MSR2600-6-X1/2600-10-X1 |
0 to 10239 |
|
MSR 2630 |
0 to 10239 |
|
MSR3600-28/3600-51 |
0 to 10239 |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 10239 |
|
MSR 3610/3620/3620-DP/3640/3660 |
0 to 10239 |
|
MSR5620/5660/5680 |
0 to 10239 |
|
Hardware |
Value range |
|
MSR810-LM-GL |
0 to 10239 |
|
MSR810-W-LM-GL |
0 to 10239 |
|
MSR830-6EI-GL |
0 to 10239 |
|
MSR830-10EI-GL |
0 to 10239 |
|
MSR830-6HI-GL |
0 to 10239 |
|
MSR830-10HI-GL |
0 to 10239 |
|
MSR2600-6-X1-GL |
0 to 10239 |
|
MSR3600-28-SI-GL |
0 to 10239 |
flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, flood proxy is disabled on the tunnel.
Usage guidelines
This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. Alternatively, you can use VXLAN IS-IS for automatic VXLAN tunnel assignment.
You can assign a maximum of 32 VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs. For a unicast-mode VXLAN, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.
On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.
To change a flood proxy tunnel for a VXLAN, perform the following tasks:
· Use the undo tunnel command to remove the flood proxy tunnel.
· Use the tunnel command to enable flood proxy on another tunnel and assign the tunnel to the VXLAN.
Examples
# Assign VXLAN tunnels 0 and 1 to VXLAN 10000.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000] tunnel 0
[Sysname-vsi-vpna-vxlan-10000] tunnel 1
Related commands
display vxlan tunnel
tunnel global source-address
Use tunnel global source-address to specify a global source address for VXLAN tunnels.
Use undo tunnel global source-address to restore the default.
Syntax
tunnel global source-address ip-address
undo tunnel global source-address
Default
No global source address is specified for VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address.
Usage guidelines
A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.
The global source address takes effect only on VXLAN tunnels.
Examples
# Specify 1.1.1.1 as the global source address for VXLAN tunnels.
<Sysname> system-view
[Sysname] tunnel global source-address 1.1.1.1
vsi
Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.
Use undo vsi to delete a VSI.
Syntax
vsi vsi-name
undo vsi vsi-name
Default
No VSIs exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
A VSI can provide services only for one VXLAN.
Examples
# Create VSI vxlan10 and enter VSI view.
<Sysname> system-view
[Sysname] vsi vxlan10
[Sysname-vsi-vxlan10]
Related commands
display l2vpn vsi
vxlan
Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.
Use undo vxlan to restore the default.
Syntax
vxlan vxlan-id
undo vxlan
Default
No VXLANs exist.
Views
VSI view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.
Examples
# Create VXLAN 10000 for VSI vpna and enter VXLAN view.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000]
Related commands
vsi
vxlan invalid-udp-checksum discard
Use vxlan invalid-udp-checksum discard to enable the device to drop the VXLAN packets that fail UDP checksum check.
Use undo vxlan invalid-udp-checksum discard to restore the default.
Syntax
vxlan invalid-udp-checksum discard
undo vxlan invalid-udp-checksum discard
Default
The device does not check the UDP checksum of VXLAN packets.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to check the UDP checksum of VXLAN packets.
The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.
Examples
# Enable the device to drop the VXLAN packets that fail UDP checksum check.
<Sysname> system-view
[Sysname] vxlan invalid-udp-checksum discard
Related commands
vxlan invalid-vlan-tag discard
vxlan invalid-vlan-tag discard
Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header.
Use undo vxlan invalid-vlan-tag discard to restore the default.
Syntax
vxlan invalid-vlan-tag discard
undo vxlan invalid-vlan-tag discard
Default
The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the device to drop VXLAN packets that have 802.1Q VLAN tags.
<Sysname> system-view
[Sysname] vxlan invalid-vlan-tag discard
Related commands
vxlan invalid-udp-checksum discard
vxlan local-mac report
Use vxlan local-mac report to enable local-MAC logging.
Use undo vxlan local-mac report to disable local-MAC logging.
Syntax
vxlan local-mac report
undo vxlan local-mac report
Default
Local-MAC logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When the local-MAC logging feature is enabled, the VXLAN module immediately sends a log message with its local MAC addresses to the information center. When a local MAC address is added or removed, a log message is also sent to the information center to notify the local-MAC change.
With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see Network Management and Monitoring Configuration Guide.
Examples
# Enable local-MAC logging.
<Sysname> system-view
[Sysname] vxlan local-mac report
vxlan tunnel mac-learning disable
Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.
Use undo vxlan tunnel mac-learning disable to enable remote-MAC address learning.
Syntax
vxlan tunnel mac-learning disable
undo vxlan tunnel mac-learning disable
Default
Remote-MAC address learning is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.
Examples
# Disable remote-MAC address learning.
<Sysname> system-view
[Sysname] vxlan tunnel mac-learning disable
vxlan udp-port
Use vxlan udp-port to set the destination UDP port number for VXLAN packets.
Use undo vxlan udp-port to restore the default.
Syntax
vxlan udp-port port-number
undo vxlan udp-port
Default
The destination UDP port number is 4789 for VXLAN packets.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Usage guidelines
You must configure the same destination UDP port number on all VTEPs in a VXLAN.
Examples
# Set the destination UDP port number to 6666 for VXLAN packets.
<Sysname> system-view
[Sysname] vxlan udp-port 6666
xconnect vsi
Use xconnect vsi to map an AC to a VSI.
Use undo xconnect vsi to restore the default.
Syntax
xconnect vsi vsi-name [ track track-entry-number&<1-3> ]
undo xconnect vsi
Default
An AC is not mapped to any VSI.
Views
Interface view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
track track-entry-number&<1-3>: Specifies a space-separated list of up to three track entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.
Usage guidelines
To monitor the status of an AC, associate it with track entries.
For traffic that matches the Layer 3 interface, the system uses the VSI's MAC address table to make a forwarding decision.
Examples
# Map GigabitEthernet 1/0/1 to the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] quit
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] xconnect vsi vpn1
Related commands
display l2vpn interface
vsi
VXLAN IP gateway commands
bandwidth
Use bandwidth to set the expected bandwidth for a VSI interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) equals the interface baudrate divided by 1000.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.
Examples
# Set the expected bandwidth to 10000 kbps for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] bandwidth 10000
default
Use default to restore the default settings for a VSI interface.
Syntax
default
Views
VSI interface view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
To resolve this problem:
1. Use the display this command in interface view to identify these commands.
2. Use their undo forms or follow the command reference to restore their default settings.
3. If the restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] default
This command will restore the default settings. Continue? [Y/N]:y
description
Use description to configure a description for a VSI interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a VSI interface is interface-name plus Interface (for example, Vsi-interface100 Interface).
Views
VSI interface view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Examples
# Configure the description as gateway for VXLAN 10 for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] description gateway for VXLAN 10
display interface vsi-interface
Use display interface vsi-interface to display information about VSI interfaces.
Syntax
display interface [ vsi-interface [ vsi-interface-id ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi-interface [ vsi-interface-id ]: Specifies VSI interfaces. If you specify a VSI interface, this command displays information about the specified interface. If you specify only the vsi-interface keyword, this command displays information about all VSI interfaces. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command displays information about all interfaces. Make sure the specified VSI interfaces have been created on the device.
brief: Display brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.
down: Displays interfaces that are physically down as well as the down reason. If you do not specify this keyword, the command does not filter output by physical interface state.
Examples
# Display information about VSI-interface 100.
<Sysname> display interface vsi-interface 100
Vsi-interface100
Current state: UP
Line protocol state: UP
Description: Vsi-interface100 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0011-2200-0102
IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 8 Command output
|
Field |
Description |
|
Current state |
Physical link state of the interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down. · UP—The interface is both administratively and physically up. |
|
Line protocol state |
Data link layer state of the interface: · UP—The data link layer protocol is up. · UP(spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. · DOWN—The data link layer protocol is down. |
|
Description |
Description of the interface. |
|
Bandwidth |
Expected bandwidth of the interface. |
|
Maximum transmission unit |
MTU of the interface. |
|
Internet protocol processing: Disabled |
The interface is not assigned an IP address and cannot process IP packets. |
|
Internet address |
IP address of the interface. The primary attribute indicates that the address is the primary IP address. |
|
IP packet frame type |
IPv4 packet framing format. |
|
hardware address |
MAC address. |
|
IPv6 packet frame type |
IPv6 packet framing format. |
|
Physical |
Physical type of the interface, which is fixed at Unknown. |
|
baudrate |
Interface baudrate in kbps. |
|
Last clearing of counters |
Last time when the reset counters interface vsi-interface command was used to clear interface statistics. This field displays Never if the reset counters interface vsi-interface command has never been used on the interface since the device startup. |
|
Last 300 seconds input rate |
Average input rate for the last 300 seconds. |
|
Last 300 seconds output rate |
Average output rate for the last 300 seconds. |
|
Input: 0 packets, 0 bytes, 0 drops |
Incoming traffic statistics on the interface: · Number of incoming packets. · Number of incoming bytes. · Number of dropped incoming packets. |
|
Output: 0 packets, 0 bytes, 0 drops |
Outgoing traffic statistics on the interface: · Number of outgoing packets. · Number of outgoing bytes. · Number of dropped outgoing packets. |
# Display brief information about all VSI interfaces.
<Sysname> display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi100 DOWN DOWN --
# Display brief information and complete description for VSI-interface 100.
<Sysname> display interface vsi-interface 100 brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi100 UP UP 1.1.1.1 VSI-interface100
# Displays interfaces that are physically down and the down reason.
<Sysname> display interface brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
Vsi100 DOWN Administratively
Vsi200 DOWN Administratively
Table 9 Command output
|
Field |
Description |
|
Interface |
Abbreviated interface name. |
|
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is in standby state. To see the primary interface, use the display interface-backup state command. |
|
Protocol |
Data link layer state of the interface: · UP—The data link layer protocol is up. · UP (s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. · DOWN—The data link layer protocol of the interface is down. |
|
Primary IP |
Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address. |
|
Description |
Description of the interface. |
|
Cause |
Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—The interface is not mapped to any VSI, or the mapped VSI does not have any AC or PW. |
Related commands
reset counters interface vsi-interface
distributed-gateway local
Use distributed-gateway local to specify a VSI interface as a distributed gateway to provide services for the local site.
Use undo distributed-gateway local to restore the default.
Syntax
distributed-gateway local
undo distributed-gateway local
Default
A VSI interface is not a distributed gateway.
Views
VSI interface view
Predefined user roles
network-admin
Usage guidelines
If a VXLAN uses distributed gateway services, you must assign the same IP address to the VXLAN's VSI interfaces on different VTEPs. To avoid IP address conflicts, you must specify the VSI interface on each VTEP as a distributed gateway.
Examples
# Specify VSI-interface 100 as a distributed gateway.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] distributed-gateway local
gateway subnet
Use gateway subnet to assign a subnet to a VSI.
Use undo gateway subnet to remove a subnet from a VSI.
Syntax
gateway subnet { ipv4-address wildcard-mask | ipv6-address prefix-length }
undo gateway subnet { ipv4-address wildcard-mask | ipv6-address prefix-length }
Default
No subnet is assigned to a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 subnet address in dotted-decimal notation.
wildcard-mask: Specifies a wildcard mask in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care" bits, and the 1 bits represent "don't care" bits. If the "do care" bits in a packet's IP address are identical to the "do care" bits in the specified subnet address, the packet is assigned to the VSI. All "don't care" bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous. For example, 0.255.0.255 is a valid wildcard mask.
ipv6-address prefix-length: Specifies an IPv6 subnet address and the address prefix length in the range of 1 to 128.
Usage guidelines
You must configure this command on VSIs that share a gateway interface. This command enables the VSI interface to identify the VSI of a packet.
You can assign a maximum of eight IPv4 and IPv6 subnets to a VSI. Make sure these subnets are on the same network as one of the IP addresses on the gateway interface.
You must specify a gateway interface for a VSI before you can assign subnets to the VSI. If you remove the gateway interface from the VSI, the VSI's subnet settings are automatically deleted.
For VSIs that share a gateway interface, the subnets must be unique.
Examples
# Assign subnet 100.0.10.0/24 to the VSI vxlan.
<Sysname> system-view
[Sysname] vsi vxlan
[Sysname-vsi-vxlan] gateway subnet 100.0.10.0 0.0.0.255
gateway vsi-interface
Use gateway vsi-interface to specify a gateway interface for a VSI.
Use undo gateway vsi-interface to restore the default.
Syntax
gateway vsi-interface vsi-interface-id
undo gateway vsi-interface
Default
No gateway interface is specified for a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
vsi-interface-id: Specifies a VSI interface by its number in the range of 0 to 8191.
Usage guidelines
A VSI can have only one gateway interface. Multiple VSIs can share a gateway interface.
Examples
# Specify VSI-interface 100 as the gateway interface for the VSI vpna.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] gateway vsi-interface 100
Related commands
interface vsi-interface
interface vsi-interface
Use interface vsi-interface to create a VSI interface and enter its view, or enter the view of an existing VSI interface.
Use undo interface vsi-interface to delete a VSI interface.
Syntax
interface vsi-interface vsi-interface-id
undo interface vsi-interface vsi-interface-id
Default
No VSI interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-interface-id: Specifies a VSI interface number in the range of 0 to 8191. The following matrix shows the maximum number of VSI interfaces supported by devices:
|
Hardware |
Maximum number of VSI interfaces |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
256 |
|
MSR2600-6-X1/2600-10-X1 |
256 |
|
MSR 2630 |
256 |
|
MSR3600-28/3600-51 |
256 |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
256 |
|
MSR 3610/3620/3620-DP/3640/3660 |
256 |
|
MSR5620/5660/5680 |
1024 |
|
Hardware |
Maximum number of VSI interfaces |
|
MSR810-LM-GL |
256 |
|
MSR810-W-LM-GL |
256 |
|
MSR830-6EI-GL |
256 |
|
MSR830-10EI-GL |
256 |
|
MSR830-6HI-GL |
256 |
|
MSR830-10HI-GL |
256 |
|
MSR2600-6-X1-GL |
256 |
|
MSR3600-28-SI-GL |
256 |
Examples
# Create VSI-interface 100 and enter VSI interface view.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100]
Related commands
gateway vsi-interface
mac-address
Use mac-address to assign a MAC address to a VSI interface.
Use undo mac-address to restore the default.
Syntax
mac-address mac-address
undo mac-address
Default
No MAC address is assigned to a VSI interface.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format.
Examples
# Assign MAC address 0001-0001-0001 to VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] mac-address 1-1-1
mtu
Use mtu to set the MTU for a VSI interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The default MTU is 1500 bytes.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
size: Specifies an MTU value in the range of 46 to 1500 bytes.
Examples
# Set the MTU to 1430 bytes for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] mtu 1430
reset counters interface vsi-interface
Use reset counters interface vsi-interface to clear packet statistics on VSI interfaces.
Syntax
reset counters interface [ vsi-interface [ vsi-interface-id ] ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi-interface [ vsi-interface-id ]: Specifies VSI interfaces. If you specify a VSI interface, this command clears packet statistics on the specified interface. If you specify only the vsi-interface keyword, this command clears packet statistics on all VSI interfaces. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command clears packet statistics on all interfaces. Make sure the specified VSI interfaces have been created on the device.
Usage guidelines
Use this command to clear history statistics before you collect traffic statistics for a time period.
Examples
# Clear packet statistics on VSI-interface 100.
<Sysname> reset counters interface vsi-interface 100
Related commands
display interface
shutdown
Use shutdown to shut down a VSI interface.
Use undo shutdown to bring up a VSI interface.
Syntax
shutdown
undo shutdown
Default
A VSI interface is up.
Views
VSI interface view
Predefined user roles
network-admin
Examples
# Shut down VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] shutdown
vtep group member local
Use vtep group member local to assign the local VTEP to a VTEP group.
Use undo vtep group member local to remove the local VTEP from a VTEP group.
Syntax
vtep group group-ip member local member-ip
undo vtep group group-ip member local
Default
A VTEP is not assigned to any VTEP group.
Views
System view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a VTEP group by its group IP address. The IP address must already exist on the local VTEP.
member-ip: Specifies the member VTEP IP address for the local VTEP. The IP address must already exist on the local VTEP.
Usage guidelines
Member VTEPs in a VTEP group cannot use the group IP address or share an IP address.
Examples
# Assign the local VTEP to the VTEP group 1.1.1.1, and specify 2.2.2.2 as the member VTEP IP address of the local VTEP.
<Sysname> system-view
[Sysname] vtep group 1.1.1.1 member local 2.2.2.2
Related commands
vtep group member remote
vtep group member remote
Use vtep group member remote to specify a VTEP group and its member VTEPs.
Use undo vtep group member remote to remove a VTEP group and its member VTEPs.
Syntax
vtep group group-ip member remote member-ip&<1-8>
undo vtep group group-ip member remote
Default
No VTEP group is specified.
Views
System view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a VTEP group by its group IP address.
member-ip&<1-8>: Specifies a space-separated list of up to eight member VTEP IP addresses.
Examples
# Specify the VTEP group 1.1.1.1 and its member VTEPs at 2.2.2.2, 3.3.3.3, and 4.4.4.4.
<Sysname> system-view
[Sysname] vtep group 1.1.1.1 member remote 2.2.2.2 3.3.3.3 4.4.4.4
Related commands
vtep group member local
vxlan tunnel arp-learning disable
Use vxlan tunnel arp-learning disable to disable remote ARP learning for VXLANs.
Use undo vxlan tunnel arp-learning disable to enable remote ARP learning for VXLANs.
Syntax
vxlan tunnel arp-learning disable
undo vxlan tunnel arp-learning disable
Default
Remote ARP learning is enabled for VXLANs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
By default, the device learns ARP information of remote VMs from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, use the undo vxlan tunnel arp-learning disable command to enable remote ARP learning.
As a best practice, disable remote ARP learning for VXLANs only when the controller and VTEPs are synchronizing entries.
Examples
# Disable remote ARP learning for VXLANs.
<Sysname> system
[Sysname] vxlan tunnel arp-learning disable
ENDP commands
display vxlan neighbor-discovery client member
Use display vxlan neighbor-discovery client member to display information about ENDP neighbors that ENDCs have learned.
Syntax
display vxlan neighbor-discovery client member [ interface tunnel interface-number | local local-ip | remote client-ip | server server-ip ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number in the range of 0 to 10239.
local local-ip: Specifies an NVE tunnel source IP address.
remote client-ip: Specifies the IP address of an ENDP neighbor.
server server-ip: Specifies the IP address of an ENDS.
Usage guidelines
Each ENDP neighbor entry includes a neighbor's IP address, bridge MAC address, entry creation time, aging time, and VXLAN tunnel status.
If you do not specify any parameters, this command displays neighbor entries that all local ENDCs have learned.
Examples
# Display neighbor entries that all local ENDCs have learned.
<Sysname> display vxlan neighbor-discovery client member
Interface: Tunnel0 Network ID: 1 Vpn-instance: [No Vrf]
Local Address: 1.1.1.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
2.2.2.2 0002-0000-0000 2014/08/01 03:39:38 71 Up
3.3.3.3 0003-0000-0000 2014/08/01 03:42:38 71 Up
Table 10 Command output
|
Field |
Description |
|
Interface |
Name of an ENDC-enabled NVE tunnel interface. |
|
Network ID |
NVE tunnel network ID. |
|
Vpn-instance |
VPN instance. |
|
Local Address |
Source IP address of the NVE tunnel. |
|
Server Address |
IP address of the ENDS. This field displays NA if the ENDS is unknown. |
|
Neighbor |
IP address of the neighbor learned from the ENDS. |
|
System ID |
Bridge MAC address of the neighbor. This field displays NA if the bridge MAC address is unknown. |
|
Created Time |
Time when the neighbor entry was created. |
|
Expire |
Remaining lifetime (in seconds) of the neighbor entry. |
|
Status |
Status of the VXLAN tunnel to the neighbor: · Up—The VXLAN tunnel is up. · Down—The VXLAN tunnel is down. · NA—No VXLAN tunnel has been set up with the neighbor. |
display vxlan neighbor-discovery client statistics
Use display vxlan neighbor-discovery client statistics to display ENDP packet statistics for an ENDC-enabled NVE tunnel interface.
Syntax
display vxlan neighbor-discovery client statistics interface tunnel interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number in the range of 0 to 10239.
Examples
# Display ENDP packet statistics for ENDCs on the NVE tunnel interface Tunnel 0.
<Sysname> display vxlan neighbor-discovery client statistics interface tunnel 0
Server Address: 10.0.0.1 Vpn-instance: [No Vrf]
Received packets:
Reply: 170 Error: 1
Sent packets:
Register: 170 Purge: 0
Server Address: 10.0.0.2
Received packets:
Reply: 99 Error: 1
Sent packets:
Register: 100 Purge: 0
Table 11 Command output
|
Field |
Description |
|
Server Address |
IP address of the ENDS. |
|
Vpn-instance |
VPN instance. |
|
Received packets |
Packets received by the ENDC: · Reply—Registration replies received from the ENDS. · Error—ENDP error packets. |
|
Sent packets |
Packets sent by the ENDC: · Register—Registration packets sent to the ENDS. · Purge—Deregistration packets sent to the ENDS. |
display vxlan neighbor-discovery client summary
Use display vxlan neighbor-discovery client summary to display ENDC settings and connectivity to ENDSs.
Syntax
display vxlan neighbor-discovery client summary
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display ENDC settings and connectivity to ENDSs.
<Sysname> display vxlan neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status VPN Instance
Tunnel0 20.0.0.2 20.0.0.1 1 15 enabled E [No Vrf]
Tunnel0 20.0.0.2 20.0.0.3 1 15 enabled P [No Vrf]
Tunnel1 21.0.0.2 21.0.0.1 2 15 disabled P [No Vrf]
Table 12 Command output
|
Field |
Description |
|
Interface |
Name of an ENDC-enabled NVE tunnel interface. |
|
Local Address |
Source IP address of the NVE tunnel. This field displays NA if no source IP address has been assigned to the NVE tunnel. |
|
Server Address |
IP address of the ENDS. |
|
Network ID |
NVE tunnel network ID. This field displays NA if no network ID has been configured. |
|
Reg |
Registration update interval. The ENDC updates its registration with the ENDS at this interval. |
|
Auth |
ENDP authentication status: · enabled. · disabled. |
|
Status |
Status of the connection between the ENDC and the ENDS: · I—The connection is initializing. · E—The connection has been set up. · P—The ENDC is probing for the ENDS to set up a connection. |
Related commands
vxlan neighbor-discovery authentication
vxlan neighbor-discovery client enable
vxlan neighbor-discovery client register-interval
display vxlan neighbor-discovery server member
Use display vxlan neighbor-discovery server member to display information about ENDP neighbors that have registered with an ENDS on the device.
Syntax
display vxlan neighbor-discovery server member [ interface tunnel interface-number | local local-ip | remote client-ip ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number in the range of 0 to 10239.
local local-ip: Specifies the IP address of an ENDS on the device.
remote client-ip: Specifies the IP address of an ENDP neighbor.
Usage guidelines
Each neighbor entry includes a neighbor's IP address, bridge MAC address, entry creation time, and aging time.
If you do not specify any parameters, this command displays all ENDP neighbors that have registered with each ENDS on the device.
Examples
# Display ENDP neighbor entries of all ENDSs on the device.
<Sysname> display vxlan neighbor-discovery server member
Interface: Tunnel0 Network ID: 1 Vpn-instance: [No Vrf]
IP Address: 1.1.1.1
Client Address System ID Expire Created Time
1.1.1.1 0001-0000-0000 72 2014/08/01 03:34:22
2.2.2.2 0002-0000-0000 66 2014/08/01 03:39:24
3.3.3.3 0003-0000-0000 72 2014/08/01 03:42:34
Table 13 Command output
|
Field |
Description |
|
Interface |
Name of an ENDS-enabled NVE tunnel interface. |
|
Network ID |
NVE tunnel network ID. |
|
Vpn-instance |
VPN instance |
|
IP Address |
IP address of the ENDS. |
|
Client Address |
IP address of the neighbor. |
|
System ID |
Bridge MAC address of the neighbor. |
|
Expire |
Remaining lifetime (in seconds) of the neighbor entry. |
|
Created Time |
Time when the neighbor entry was created. |
display vxlan neighbor-discovery server statistics
Use display vxlan neighbor-discovery server statistics to display ENDP packet statistics for the ENDS on an NVE tunnel interface.
Syntax
display vxlan neighbor-discovery server statistics interface tunnel interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an existing NVE tunnel interface by its number in the range of 0 to 10239.
Examples
# Display ENDP packet statistics for the ENDS on the NVE tunnel interface Tunnel 0.
<Sysname> display vxlan neighbor-discovery server statistics interface tunnel 0
Received packets:
Register: 170 Purge: 13
Sent packets:
Reply: 170 Error: 1
Table 14 Command output
|
Field |
Description |
|
Received packets |
Packets received by the ENDS: · Register—Registration requests received from ENDCs. · Purge—Deregistration packets received from ENDCs. |
|
Sent packets |
Packets sent by the ENDS: · Reply—Registration replies sent to ENDCs. · Error—ENDP error packets. |
display vxlan neighbor-discovery server summary
Use display vxlan neighbor-discovery server summary to display ENDS information.
Syntax
display vxlan neighbor-discovery server summary
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
ENDS information includes ENDP authentication status (enabled or disabled) and the total number of ENDCs that have registered with each ENDS.
Examples
# Display ENDS information.
<Sysname> display vxlan neighbor-discovery server summary
Interface Local Address Network ID Auth Members VPN Instance
Tunnel0 20.0.0.1 1 enabled 10 [No Vrf]
Tunnel2 21.0.0.1 2 disabled 20 [No Vrf]
Tunnel3 22.0.0.1 NA disabled 0 [No Vrf]
Table 15 Command output
|
Field |
Description |
|
Interface |
Name of an ENDS-enabled NVE tunnel interface. |
|
Local Address |
Source IP address of the NVE tunnel. This field displays NA if no source IP address has been assigned to the NVE tunnel. |
|
Network ID |
NVE tunnel network ID. This field displays NA if no network ID has been configured. |
|
Auth |
ENDP authentication status: · enabled. · disabled. |
|
Members |
Total number of ENDCs that have registered with the ENDS. |
Related commands
vxlan neighbor-discovery authentication
vxlan neighbor-discovery server enable
network-id
Use network-id to assign a network ID to an NVE tunnel interface.
Use undo network-id to restore the default.
Syntax
network-id network-id
undo network-id
Default
No network ID is assigned to an NVE tunnel interface.
Views
NVE tunnel interface view
Predefined user roles
network-admin
Parameters
number: Specifies a network ID in the range of 1 to 16777215.
Usage guidelines
ENDP supports multiple VXLAN networks. ENDP uses network IDs to uniquely identify VXLANs. VTEPs can discover each other if they have the same network ID.
On a VTEP, NVE tunnel interfaces must use different network IDs.
Examples
# Assign a network ID of 123 to the NVE tunnel interface Tunnel 0.
<Sysname> system-view
[Sysname] interface tunnel 0 mode nve
[Sysname-Tunnel0] network-id 123
vxlan neighbor-discovery authentication
Use vxlan neighbor-discovery authentication to enable ENDP authentication.
Use undo vxlan neighbor-discovery authentication to disable ENDP authentication.
Syntax
vxlan neighbor-discovery authentication { cipher | simple } string
undo vxlan neighbor-discovery authentication
Default
ENDP authentication is disabled.
Views
NVE tunnel interface view
Predefined user roles
network-admin
Parameters
cipher: Specifies an authentication key in encrypted form.
simple: Specifies an authentication key in plaintext form. For security purposes, the authentication key specified in plaintext form will be stored in encrypted form.
string: Specifies the authentication key. Its plaintext form must be a case-sensitive string of 1 to 24 characters. Its encrypted form must be a case-sensitive string of 1 to 65 characters.
Usage guidelines
Configure ENDP authentication in an insecure network to prevent malicious registration with an ENDS.
For ENDSs and ENDCs to establish VXLAN tunnels, make sure the following requirements are met:
· ENDP authentication is enabled or disabled across the ENDSs and ENDCs.
· If ENDP authentication is enabled, all ENDCs and ENDSs in a VXLAN network use the same authentication key.
Examples
# Enable ENDP authentication on the NVE tunnel interface Tunnel 0. Specify vxlan-a as the authentication key in plaintext form.
<Sysname> system-view
[Sysname] interface tunnel 0 mode nve
[Sysname-Tunnel0] vxlan neighbor-discovery authentication simple vxlan-a
Related commands
display vxlan neighbor-discovery client summary
display vxlan neighbor-discovery server summary
vxlan neighbor-discovery client enable
Use vxlan neighbor-discovery client enable to specify an NVE tunnel interface as the ENDC of an ENDS.
Use undo vxlan neighbor-discovery client enable to remove the ENDC from an NVE tunnel interface.
Syntax
vxlan neighbor-discovery client enable server-ip
undo vxlan neighbor-discovery client enable server-ip
Default
The ENDC feature is disabled.
Views
NVE tunnel interface view
Predefined user roles
network-admin
Parameters
server-ip: Specifies the IP address of a remote ENDS.
Usage guidelines
For redundancy, you can specify a maximum of two ENDS addresses on an NVE tunnel interface. These two ENDSs work independently. The failure of one ENDS does not affect the neighbor discovery.
As a best practice, configure different ENDSs for two ENDCs on the VTEP if the ENDCs use the same IP address but different network IDs.
Examples
# Configure Tunnel 0 as an ENDC of the ENDS at 11.0.0.1.
<Sysname> system-view
[Sysname] interface tunnel 0 mode nve
[Sysname-Tunnel0] vxlan neighbor-discovery client enable 11.0.0.1
Related commands
display vxlan neighbor-discovery client summary
vxlan neighbor-discovery client register-interval
Use vxlan neighbor-discovery client register-interval to set the interval at which the ENDCs on an NVE tunnel interface update their registration with their ENDSs.
Use undo vxlan neighbor-discovery client register-interval to restore the default.
Syntax
vxlan neighbor-discovery client register-interval interval
undo vxlan neighbor-discovery client register-interval
Default
An ENDC updates its registration with its ENDS every 15 seconds.
Views
NVE tunnel interface view
Predefined user roles
network-admin
Parameters
interval: Specifies a registration update interval in the range of 5 to 120 seconds.
Usage guidelines
ENDP uses an ENDS probe timer and a registration aging timer in addition to the ENDC register timer set by using this command.
· ENDS probe timer—Sets the interval for an ENDC to detect an ENDS. This timer is maintained on ENDCs and is fixed at 5 seconds.
· ENDC register timer—Sets the interval for an ENDC to update its registration with an ENDS. This timer defaults to 15 seconds and can be changed by using the vxlan neighbor-discovery client register-interval command on ENDCs.
· Registration aging timer—This timer is five times the ENDC register timer. This timer is maintained on ENDSs. When the registration aging timer for an ENDC expires, the ENDS removes the ENDC from its ENDC database.
When an ENDC sends a register request to join a VXLAN network, a 5-second ENDS probe timer starts. The ENDC sends a register request to the ENDS every 5 seconds until it receives a response from the ENDS.
When the ENDC receives a response from the ENDS, the ENDS probe timer stops and an ENDC register timer starts. The ENDC regularly sends register updates at the interval set by the register timer.
If the ENDC does not receive a response after sending five consecutive register packets, the ENDC clears its neighbor database and starts the ENDS probe timer.
The ENDC adds the register timer setting to each register packet. The ENDS records this timer setting when it adds the ENDC to the ENDC database. If no register update is received from the ENDC before five times the timer is reached, ENDS removes the ENDC from the VXLAN.
Examples
# Set the ENDC registration update interval to 30 seconds on the NVE tunnel interface Tunnel 0.
<Sysname> system-view
[Sysname] interface tunnel 0 mode nve
[Sysname-Tunnel0] vxlan neighbor-discovery client register-interval 30
Related commands
display vxlan neighbor-discovery client summary
vxlan neighbor-discovery server enable
Use vxlan neighbor-discovery server enable to enable ENDS on an NVE tunnel interface.
Use undo vxlan neighbor-discovery server enable to disable ENDS on an NVE tunnel interface.
Syntax
vxlan neighbor-discovery server enable
undo vxlan neighbor-discovery server enable
Default
The ENDS feature is disabled.
Views
NVE tunnel interface view
Predefined user roles
network-admin
Usage guidelines
When you enable ENDS on an NVE tunnel interface, an ENDC is automatically enabled, with the source address of the NVE tunnel as the ENDS address.
Examples
# Enable ENDS on the NVE tunnel interface Tunnel 0.
<Sysname> system-view
[Sysname] interface tunnel 0 mode nve
[Sysname-Tunnel0] vxlan neighbor-discovery server enable
Related commands
display vxlan neighbor-discovery server summary
VXLAN IS-IS commands
display vxlan isis brief
Use display vxlan isis brief to display brief information about the VXLAN IS-IS process.
Syntax
display vxlan isis brief
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief information about the VXLAN IS-IS process.
<Sysname> display vxlan isis brief
Network-entity: 00.0011.2200.0001.00
LSP-length receive: 1400
LSP-length originate: 1400
Timers:
LSP-max-age: 1200s
LSP-refresh: 900s
State: Enabled
Table 16 Command output
|
Field |
Description |
|
Network-entity |
Network entity name of the VXLAN IS-IS process. |
|
LSP-length receive |
Maximum length of incoming LSPs. |
|
LSP-length originate |
Maximum length of LSPs that the VXLAN IS-IS process can generate. |
|
Timers |
· LSP-max-age—Maximum lifetime for the LSPs generated by the VXLAN IS-IS process. · LSP-refresh—Interval at which the VXLAN IS-IS process sends LSPs to refresh remote LSDBs. |
|
State |
Running status of the VXLAN IS-IS process: · Enabled—MAC address synchronization or VXLAN autonegotiation is enabled. The VXLAN IS-IS process is running. · Disabled—MAC address synchronization and VXLAN autonegotiation are disabled. The VXLAN IS-IS process is not running. |
display vxlan isis graceful-restart status
Use display vxlan isis graceful-restart status to display the GR state of the VXLAN IS-IS process.
Syntax
display vxlan isis graceful-restart status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the GR state of the VXLAN IS-IS process.
<Sysname> display vxlan isis graceful-restart status
Restart status: RESTARTING
Restart phase: LSDB synchronization
Restart interval: 300s
T3 remaining time: 65531s
Total number of interfaces: 1
Number of waiting LSPs: 0
T2 remaining time: 56s
Interface: Tunnel0
T1 remaining time: 2
RA received: N
CSNP received: N
T1 expired number: 3
Table 17 Command output
|
Field |
Description |
|
Restart status |
Graceful Restart state: · COMPLETE—Restart has completed. · STARTING—VXLAN IS-IS process begins to restart. · RESTARTING—VXLAN IS-IS process is restarting. · UNKNOWN—Unknown state. |
|
Restart phase |
Restart phase: · Initialization—VXLAN IS-IS process is initializing. · LSDB synchronization—Peer VXLAN IS-IS processes are synchronizing LSDBs. · MAC receiving—VXLAN IS-IS process is receiving reported local MAC addresses. · LSP stable—VXLAN IS-IS process is generating LSPs. · LSP generation—VXLAN IS-IS process is refreshing and flooding LSPs to adjacent VXLAN neighbors. · Finish—Graceful Restart is complete. · Unknown—Unknown phase. |
|
Restart Interval |
T2 timer, in seconds. The GR process fails if the device fails to complete LSDB synchronization before this timer expires. The peer VXLAN IS-IS process removes the adjacency with the restarting VXLAN IS-IS. This timer is configurable by using the graceful-restart interval command. |
|
T3 remaining time |
The remaining time (in seconds) of the T3 timer. The GR process fails if it is not complete before this timer expires. The peer VXLAN IS-IS process removes the adjacency with the restarting VXLAN IS-IS. This timer is not user configurable. |
|
Total number of interfaces |
Number of VXLAN-enabled interfaces. |
|
Number of waiting LSPs |
Number of LSPs that are waiting to be synchronized with the GR helper for completing LSDB synchronization. |
|
T2 remaining time |
The remaining time (in seconds) of the T2 timer. |
|
Interface |
Interface-specific GR status information for the VXLAN IS-IS process. |
|
T1 remaining time |
Remaining time (in seconds) of the T1 timer on the interface. The T1 timer sets the interval for the restarting device to retransmit hello messages with the RR bit set (restart request messages). The T1 timer is not user configurable. The restarting device retransmits a restart request message to the neighbor if it has not received an acknowledgment for the previous restart request before the T1 timer expires. NOTE: VXLAN IS-IS sends hello messages with the RA bit set to acknowledge restart requests. |
|
RA received |
Whether the interface received a VXLAN IS-IS hello with the RA flag from the neighbor device. |
|
CSNP received |
Whether the interface received a CSNP from the neighbor device. |
|
T1 expired number |
Number of T1 timer expirations on the interface. When this counter reaches 10, the restarting device stops retransmitting hello messages with the RR bit set. |
display vxlan isis local-host
Use display vxlan isis local-host to display local-host routes.
Syntax
display vxlan isis local-host [ ipv6 ] [ vxlan-id vxlan-id ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6: Specifies IPv6 local-host routes. If you do not specify this keyword, the command displays IPv4 local-host routes.
vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays local-host routes for all VXLANs.
count: Displays the number of local-host routes that match the command.
Examples
# Display IPv4 local-host routes for all VXLANs.
<Sysname> display vxlan isis local-host
VXLAN ID IP address MAC address
---------------------------------------------------
1 192.168.56.1 0800-2700-249b
2 192.168.56.2 0800-2700-249c
# Display IPv6 local-host routes for all VXLANs.
<Sysname> display vxlan isis local-host ipv6
VXLAN ID IP address MAC address
---------------------------------------------------
1 200:200::100:200 0000-0000-0001
2 200:200::100:300 0000-0000-0002
# Display the total number of IPv4 local-host routes for all VXLANs.
<Sysname> display vxlan isis local-host count
5 entries found.
# Display the total number of IPv6 local-host routes for all VXLANs.
<Sysname> display vxlan isis local-host ipv6 count
5 entries found.
Table 18 Command output
|
Field |
Description |
|
IP address |
IP address of the host. |
|
MAC address |
MAC address of the host. |
display vxlan isis local-mac
Use display vxlan isis local-mac to display local MAC reachability information maintained by VXLAN IS-IS.
Syntax
display vxlan isis local-mac dynamic [ [ vxlan-id vxlan-id ] [ count ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Displays local dynamic MAC reachability information.
vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays local MAC reachability information for all VXLANs.
count: Displays the number of MAC addresses that match the command.
Examples
# Display local dynamic MAC reachability information for all VXLANs.
<Sysname> display vxlan isis local-mac dynamic
VXLAN ID: 100
MAC address: 00aa-00bb-00cc
MAC address: 00aa-00cc-00bb
MAC address: 00cc-00aa-00bb
VXLAN ID: 50
MAC address: 00bb-00aa-00cc
MAC address: 00bb-00cc-00aa
# Display the sum of local dynamic MAC addresses in all VXLANs.
<Sysname> display vxlan isis local-mac dynamic count
5 MAC addresses found.
display vxlan isis lsdb
Use display vxlan isis lsdb to display the LSDB of the VXLAN IS-IS process.
Syntax
display vxlan isis lsdb [ local | lsp-id lsp-id | verbose ] * [ tunnel tunnel-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
local: Displays locally generated LSPs.
lsp-id lspid: Specifies an LSP identifier in SYSID.Pseudonode ID-fragment num format. The SYSID argument represents the originating node or pseudo node. The Pseudonode ID argument is separated by a dot from SYSID and by a hyphen from fragment num.
verbose: Displays detailed information about LSPs in the LSDB. If you do not specify this keyword, the command displays LSP summaries.
tunnel tunnel-number: Specifies a VXLAN tunnel interface by its interface number in the range of 0 to 10239.
Examples
# Display LSP summaries for the VXLAN IS-IS process.
<Sysname> display vxlan isis lsdb
Link state database information for VXLAN ISIS (Tunnel 0)
LSP ID Seq num Checksum Holdtime Length Overload
-----------------------------------------------------------------------------
0011.2200.0201.0000-00 0x00000063 0x1bc2 1104 74 0
0011.2200.0401.0000-00* 0x00000060 0x7f76 1089 55 0
0011.2200.0401.0001-00* 0x0000005f 0xf77 1175 57 0
Flags: *-Self LSP, +-Self LSP(Extended)
# Display detailed LSP information for the VXLAN IS-IS process.
<Sysname> display vxlan isis lsdb verbose
Link state database information for VXLAN ISIS (Tunnel 0)
LSP ID: 0011.2200.0201.0000-00
Sequence number: 0x00000063
Checksum: 0x1bc2
Holdtime: 745s
Length: 74
Overload: 0
Source: 0011.2200.0201.0000
Neighbour
ID: 0011.2200.0401.0001, Cost: 10
VXLANs:
VXLAN ID: 100
VXLAN ID: 10
MAC addresses:
VXLAN ID: 10 Confidence: 1
0001-0001-0001
LSP ID: 0011.2200.0401.0000-00*
Sequence number: 0x00000060
Checksum: 0x7f76
Holdtime: 730s
Length: 55
Overload: 0
Source: 0011.2200.0401.0000
Neighbour
ID: 0011.2200.0401.0001, Cost: 10
VXLANs:
VXLAN ID: 10
LSP ID: 0011.2200.0401.0001-00*
Sequence number: 0x0000005f
Checksum: 0xf77
Holdtime: 816s
Length: 57
Overload: 0
Source: 0011.2200.0401.0001
Neighbour
ID: 0011.2200.0201.0000, Cost: 0
ID: 0011.2200.0401.0000, Cost: 0
Flags: *-Self LSP, +-Self LSP(Extended)
Table 19 Command output
|
Field |
Description |
|
LSP ID |
LSP ID: · An asterisk mark (*) suffix indicates that the LSP packet is generated by the default VXLAN IS-IS system on the local device. · A plus sign (+) suffix indicates that the LSP packet is generated by a VXLAN IS-IS virtual system on the local device. · IDs of remote LSPs do not have a suffix. |
|
Sequence number |
LSP sequence number. |
|
Holdtime |
LSP lifetime (in seconds), which counts down over time. |
|
Length |
LSP length. |
|
Overload |
Overload bit flag in the LSP: · 1—The bit is set. · 0—The bit is not set. |
|
Source |
System ID of the LSP generating device. |
|
Neighbour |
Neighbors of the LSP generating device. |
|
ID |
System ID of the neighbor. |
|
Cost |
Cost of the link between the LSP generating device and its neighbor. |
|
VXLANs: VXLAN ID |
VXLAN IDs advertised by the LSP. |
|
MAC addresses |
MAC addresses that can be reached through the LSP generating device. |
|
VXLAN ID |
VXLAN that contains the MAC address. |
|
Confidence |
LSP credibility: · 1. · 0. The entry with a confidence of 0 is more trustworthy than the entry with a confidence of 1. |
display vxlan isis peer
Use display vxlan isis peer to display VXLAN IS-IS neighbor information.
Syntax
display vxlan isis peer
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display neighbor information for the VXLAN IS-IS process.
<Sysname> display vxlan isis peer
System ID: 0011.2200.0201
Link interface: Tunnel1
Circuit ID: 0011.2200.0401.0001
State: Up
Hold time: 26s
Neighbour DED priority: 64
Uptime: 00:01:24
Table 20 Command output
|
Field |
Description |
|
System ID |
System ID of the VXLAN neighbor. |
|
Link interface |
Local VXLAN tunnel interface. |
|
Circuit ID |
Link ID. |
|
State |
Adjacency state: · Init—Neighbor state is initializing. · Up—Adjacency has been set up. · Down—Adjacency is lost. |
|
Hold time |
Adjacency hold timer in seconds, which counts down over time. If no hello packet has been received from the neighbor before this timer expires, the device removes the adjacency with the neighbor. If a hello packet is received, the hold timer restarts. |
|
Neighbour DED Priority |
DED priority of the neighbor. On each VXLAN tunnel, the VTEP with higher DED priority is elected the DED. |
|
Uptime |
The amount of time that the adjacency with the neighbor has lasted. |
display vxlan isis remote-host
Use display vxlan isis remote-host to display remote-host routes advertised through VXLAN IS-IS.
Syntax
display vxlan isis remote-host [ ipv6 ] [ vxlan-id vxlan-id ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6: Specifies IPv6 remote-host routes. If you do not specify this keyword, the command displays IPv4 remote-host routes.
vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays remote-host routes for all VXLANs.
count: Displays the number of remote-host routes that match the command.
Examples
# Display all IPv4 remote-host routes that are advertised through VXLAN IS-IS.
<Sysname> display vxlan isis remote-host
Host Flags: A-Received on an active tunnel interface.
C-In conflict with a local host route.
F-Flushed to the remote host route table.
VXLAN IP address MAC address Tunnel Interface Flag
---------------------------------------------------------------------
1 6.6.6.1 0000-0000-0001 Tunnel1 Vsi1 AF
1 6.6.6.2 0000-0000-0002 Tunnel1 Vsi1 AF
# Display the total number of IPv4 remote-host routes that are advertised through VXLAN IS-IS.
<Sysname> display vxlan isis remote-host count
1 entries found.
Table 21 Command output
|
Field |
Description |
|
VXLAN |
VXLAN ID |
|
IP address |
IP address of the host. |
|
MAC address |
MAC address of the host. |
|
Tunnel |
Tunnel interface name. |
|
Interface |
VSI interface associated with the VXLAN's VSI. |
|
Flags |
Remote-host route flag: · A—The remote-host route is received from a valid tunnel interface. · C—The remote-host route conflicts with a local-host route. · F—The remote-host route has been issued to the remote-host route table. |
display vxlan isis remote-mac
Use display vxlan isis remote-mac to display remote MAC reachability information maintained by VXLAN IS-IS.
Syntax
display vxlan isis remote-mac [ [ vxlan-id vxlan-id ] [ count ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays remote MAC reachability information for all VXLANs.
count: Displays the number of remote MAC addresses that match the command.
Examples
# Display remote MAC reachability information that VXLAN IS-IS has for all VXLANs.
<Sysname> display vxlan isis remote-mac
MAC Flags: A-MAC received on an active tunnel interface.
C-MAC conflict with local dynamic MAC.
F-MAC has been flushed to the remote MAC address table.
VXLAN ID: 10
MAC address: 0001-0001-0001
Interface: Tunnel1
Flags: AF
# Display the sum of remote MAC addresses that VXLAN IS-IS has for all VXLANs.
<Sysname> display vxlan isis remote-mac count
1 MAC addresses found.
Table 22 Command output
|
Description |
|
|
MAC address |
Remote MAC address. |
|
Interface |
Tunnel interface name. |
|
Flags |
Remote MAC address flag: · A—The remote MAC address is received from a valid tunnel interface. · C—The remote MAC address conflicts with a local MAC address. · F—The remote MAC address has been issued to the remote MAC address table. |
display vxlan isis remote-vxlan
Use display vxlan isis remote-vxlan to display remote VXLAN information.
Syntax
display vxlan isis remote-vxlan [ vxlan-id | count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vxlan-id: Specifies a remote VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN ID, this command displays information about all remote VXLANs.
count: Displays the number of remote VXLANs that match the command.
Examples
# Display information about all remote VXLANs.
<Sysname> display vxlan isis remote-vxlan
VXLAN Flags: S-VXLAN supported at the local end
F-Association between VXLAN and Tunnels has been flushed to L2VPN
VXLAN ID: 1000
Flags: FS
Tunnel: 1
VXLAN ID: 1001
Flags: FS
Tunnel: 1
# Display the total number of remote VXLANs.
<Sysname> display vxlan isis remote-vxlan count
2 VXLANs found.
Table 23 Command output
|
Field |
Description |
|
Tunnel |
VXLAN tunnels assigned to the VXLAN. |
|
Flags |
VXLAN flag: · S—The local end supports the VXLAN. · F—The associations between the VXLAN and tunnels have been flushed to L2VPN. |
display vxlan isis tunnel
Use display vxlan isis tunnel to display VXLAN IS-IS settings on VXLAN tunnel interfaces.
Syntax
display vxlan isis tunnel [ tunnel-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
tunnel-number: Specifies a VXLAN tunnel interface by its number. If you do not specify a VXLAN tunnel interface, this command displays VXLAN IS-IS settings on all VXLAN tunnel interfaces.
Examples
# Display VXLAN IS-IS settings on Tunnel 101.
<Sysname> display vxlan isis tunnel 101
Tunnel101
MTU: 1400
DED: Yes
DED priority: 80
Hello timer: 10s
Hello multiplier: 3
CSNP timer: 10s
LSP timer: 100ms
Max LSP transmit number: 5
VXLANs:
1,50,100
Table 24 Command output
|
Field |
Description |
|
MTU |
Link MTU of the tunnel. |
|
DED |
DED election result: · Yes—The device is a DED in the VXLAN network. · No—The device is not a DED in the VXLAN network. |
|
DED priority |
DED priority of the device on the VXLAN tunnel interface. |
|
Hello timer |
Interval in seconds, at which VXLAN IS-IS sends hello packets to maintain the adjacencies with neighbors. |
|
Hello multiplier |
Multiplier for calculating the VXLAN IS-IS adjacency hold time. |
|
CSNP timer |
Interval at which the VTEP sends CSNP packets to advertise LSP summaries for LSDB synchronization. This timer takes effect only if the VTEP is a DED. |
|
LSP timer |
Minimum LSP transmit interval in milliseconds. The device must wait for this timer to expire before sending LSPs. |
|
LSP transmit-throttle count |
Maximum number of LSPs that can be sent at each interval. |
|
VXLANs |
VXLANs on the VXLAN tunnel interface. |
graceful-restart
Use graceful-restart to enable Graceful Restart for the VXLAN IS-IS process.
Use undo graceful-restart to disable Graceful Restart for the VXLAN IS-IS process.
Syntax
graceful-restart
undo graceful-restart
Default
Graceful Restart is disabled for the VXLAN IS-IS process.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
Enable Graceful Restart for the peer VXLAN IS-IS processes at two ends of the VXLAN tunnel.
This feature guarantees nonstop forwarding while the peer VXLAN IS-IS processes are re-establishing their adjacency after a process restart or active/standby switchover occurs.
Examples
# Enable Graceful Restart for the VXLAN IS-IS process.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] graceful-restart
Related commands
display vxlan isis graceful-restart status
graceful-restart interval
Use graceful-restart interval to set the GR restart interval for VXLAN IS-IS.
Use undo graceful-restart interval to restore the default.
Syntax
graceful-restart interval interval
undo graceful-restart interval
Default
The GR restart interval is 300 seconds for VXLAN IS-IS.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Parameters
interval: Specifies a GR restart interval in the range of 30 to 1800 seconds.
Usage guidelines
This command sets the T2 timer to control the maximum amount of time for LSDB synchronization during a restart.
The device advertises the T2 timer as the adjacency hold time to its neighbor during a GR process.
Before the timer expires, the neighbor maintains the adjacency with the device. If the device fails to complete the restart before this timer expires, the neighbor removes the adjacency. The GR process fails.
Examples
# Set the GR restart interval to 120 seconds for the VXLAN IS-IS process.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] graceful-restart interval 120
Related commands
display vxlan isis graceful-restart status
host-mac-learning enable
Use host-mac-learning enable to enable host route MAC learning.
Use undo host-mac-learning enable to disable host route MAC learning.
Syntax
host-mac-learning enable
undo host-mac-learning enable
Default
Host route MAC learning is disabled.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
Host route MAC learning enables the VTEP to learn remote MAC addresses from received remote-host routes.
As a best practice, do not enable both host route MAC learning and MAC reachability information advertisement to prevent the VTEP from learning duplicate MAC addresses.
Examples
# Enable host route MAC learning.
<Sysname> system-view
[Sysname] vxlan isis
[Sysname-vxlan-isis] host-mac-learning enable
host-synchronization enable
Use host-synchronization enable to enable host route advertisement through VXLAN IS-IS.
Use undo host-synchronization enable to disable host route advertisement through VXLAN IS-IS.
Syntax
host-synchronization enable
undo host-synchronization enable
Default
Host route advertisement through VXLAN IS-IS is disabled.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
Host route advertisement enables the VTEP to advertise and receive host routes (host IP address and MAC address mappings) through VXLAN IS-IS. VXLAN IS-IS obtains local-host routes from the ARP or ND module. A host route contains a host's IP address, MAC address, and VXLAN ID.
MAC reachability information and host route information might overlap. As a best practice, do not enable both MAC reachability information advertisement and host route advertisement on a network that is complex or has heavy traffic.
Examples
# Enable host route advertisement through VXLAN IS-IS.
<Sysname> system-view
[Sysname] vxlan isis
[Sysname-vxlan-isis] host-synchronization enable
local-host proxy enable
Use local-host proxy enable to enable local-host route proxy.
Use undo local-host proxy enable to disable local-host route proxy.
Syntax
local-host proxy enable
undo local-host proxy enable
Default
Local-host route proxy is disabled.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
Local-host route proxy enables VXLAN IS-IS to replace host MAC addresses with the MAC address of the local VSI interface before VXLAN IS-IS advertises host routes to remote VTEPs. This feature saves MAC address resources on VTEPs by associating multiple remote-host IP addresses with one MAC address.
Examples
# Enable local-host route proxy.
<Sysname> system-view
[Sysname] vxlan isis
[Sysname-vxlan-isis] local-host proxy enable
log-peer-change enable
Use log-peer-change enable to enable VXLAN IS-IS adjacency change logging.
Use undo log-peer-change enable to disable outputting VXLAN IS-IS adjacency change log messages.
Syntax
log-peer-change enable
undo log-peer-change enable
Default
VXLAN IS-IS adjacency change logging is enabled.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
Adjacency change logging enables the VXLAN IS-IS process to send a log message to the information center when an adjacency change occurs.
With the information center, you can set log message filtering and output rules, including output destinations. For more information about using the information center, see Network Management and Monitoring Configuration Guide.
Examples
# Disable adjacency change logging for the VXLAN IS-IS process.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] log-peer-change enable
mac-synchronization enable
Use mac-synchronization enable to enable MAC reachability information advertisement through VXLAN IS-IS.
Use undo mac-synchronization enable to disable MAC reachability information advertisement through VXLAN IS-IS.
Syntax
mac-synchronization enable
undo mac-synchronization enable
Default
MAC reachability information advertisement through VXLAN IS-IS is disabled.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
This command enables the VTEP to advertise and receive MAC reachability information through VXLAN IS-IS.
MAC reachability information and host route information might overlap. As a best practice, do not enable both MAC reachability information advertisement and host route advertisement on a network that is complex or has heavy traffic.
Examples
# Enable MAC advertisement through VXLAN IS-IS.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] mac-synchronization enable
negotiate-vni enable
Use negotiate-vni enable to enable VXLAN autonegotiation through VXLAN IS-IS.
Use undo negotiate-vni enable to disable VXLAN autonegotiation through VXLAN IS-IS.
Syntax
negotiate-vni enable
undo negotiate-vni enable
Default
VXLAN autonegotiation through VXLAN IS-IS is disabled.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Usage guidelines
To automatically assign VXLAN tunnels to VXLANs, enable VXLAN autonegotiation on all VTEPs.
VXLAN autonegotiation enables the VTEPs to advertise local VXLAN IDs through VXLAN IS-IS. Two VTEPs assign the VXLAN tunnel between them to a VXLAN if both of them have the VXLAN ID.
Examples
# Enable VXLAN autonegotiation through VXLAN IS-IS.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] negotiate-vni enable
overlay isis ded-priority
Use overlay isis ded-priority to change the DED priority of the VTEP on a tunnel interface.
Use undo overlay isis ded-priority to restore the default.
Syntax
overlay isis ded-priority priority
undo overlay isis ded-priority
Default
The DED priority value is 64.
Views
NVE tunnel interface view
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
priority: Specifies a DED priority value in the range of 0 to 127.
Usage guidelines
On each VXLAN tunnel, the VTEP with higher DED priority is elected the DED to send CSNP packets periodically for LSDB synchronization. If the VTEPs have the same DED priority, the one with the higher MAC address is elected.
Examples
# Set the DED priority value of Tunnel 101 to 2.
<Sysname> system-view
[Sysname] interface tunnel 101
[Sysname-tunnel101] overlay isis ded-priority 2
Related commands
display vxlan isis tunnel
overlay isis timer csnp
Use overlay isis timer csnp to set the CSNP interval.
Use undo overlay isis timer csnp to restore the default.
Syntax
overlay isis timer csnp interval
undo overlay isis timer csnp
Default
The CSNP interval is 10 seconds.
Views
NVE tunnel interface view
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
interval: Specifies an interval in the range of 1 to 600 seconds.
Usage guidelines
The setting takes effect only if the VTEP is the DED on the tunnel.
The DED sends CSNP packets at the specified interval to advertise LSP summaries to the remote VTEP for LSDB synchronization.
Examples
# Set the CSNP interval to 15 seconds on Tunnel 101.
<Sysname> system-view
[Sysname] interface tunnel 101
[Sysname-tunnel101] overlay isis timer csnp 15
Related commands
display vxlan isis tunnel
overlay isis timer hello
Use overlay isis timer hello to set the VXLAN IS-IS hello interval.
Use undo overlay isis timer hello to restore the default.
Syntax
overlay isis timer hello interval
undo overlay isis timer hello
Default
The VXLAN IS-IS hello interval is 10 seconds.
Views
NVE tunnel interface view
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
interval: Specifies an interval in the range of 3 to 255 seconds.
Usage guidelines
Set the hello interval depending on the network convergence requirement and system resources.
· To increase the speed of network convergence, decrease the hello interval.
· To conserve resources, increase the hello interval.
If the VTEP is a DED, its hello interval is one-third of the hello interval set by using this command.
Examples
# Set the VXLAN IS-IS hello interval to 6 seconds on Tunnel 101.
<Sysname> system-view
[Sysname] interface tunnel 101
[Sysname-tunnel101] overlay isis timer hello 6
Related commands
display vxlan isis tunnel
overlay isis timer holding-multiplier
Use overlay isis timer holding-multiplier to set the hello multiplier for calculating the VXLAN IS-IS adjacency hold time.
Use undo overlay isis timer holding-multiplier to restore the default.
Syntax
overlay isis timer holding-multiplier value
undo overlay isis timer holding-multiplier
Default
The hello multiplier is 3 for calculating the VXLAN IS-IS adjacency hold time.
Views
NVE tunnel interface view
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
value: Specifies a multiplier in the range of 3 to 1000.
Usage guidelines
Adjacency hold time sets the amount of time that the remote VTEPs can retain the adjacency with the local VTEP before an adjacency update. VTEPs send their adjacency hold time in hello packets to update the adjacencies with their neighbors. A VTEP removes the adjacency with a neighbor if it does not receive a hello packet from the neighbor before the timer expires.
· If Graceful Restart is disabled, the adjacency hold time equals the VXLAN IS-IS hello interval multiplied by the hello multiplier.
· If Graceful Restart is enabled, the adjacency hold time equals the greater value between the following settings:
¡ The restart interval.
¡ The VXLAN IS-IS hello interval multiplied by the hello multiplier.
The maximum adjacency hold time is 65535 seconds. If this value is exceeded, the actual adjacency hold time is set to 65535 seconds.
Examples
# Set the hello multiplier to 6 for calculating the VXLAN IS-IS adjacency hold time.
<Sysname> system-view
[Sysname] interface tunnel 101
[Sysname-tunnel101] overlay isis timer holding-multiplier 6
Related commands
overlay isis timer hello
overlay isis timer lsp
Use overlay isis timer lsp to set the minimum LSP transmit interval and the maximum number of LSPs that can be sent at each interval.
Use undo overlay isis timer lsp to restore the default.
Syntax
overlay isis timer lsp interval [ count count ]
undo overlay isis timer lsp
Default
The minimum LSP transmit interval is 100 milliseconds. A maximum of five LSPs can be sent at each interval.
Views
NVE tunnel interface view
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
interval: Specifies the minimum LSP transmit interval, a multiple of 100 in the range of 100 to 1000 milliseconds.
count count: Specifies the maximum number of LSP packets that can be sent at each interval. The value range is 1 to 1000.
Usage guidelines
The VTEP generates an LSP update when any LSDB content changes. For example, a MAC address is removed or added.
Use this command to control the amount of LSP packets that the VTEP sends out. To decrease the amount of LSP packets, increase the interval and decreases the maximum number of LSP packets sent at each interval.
Examples
# Set the minimum LSP transmit interval to 500 ms.
<Sysname> system-view
[Sysname] interface tunnel 101
[Sysname-tunnel101] overlay isis timer lsp 500
Related commands
display vxlan isis brief
reserved vxlan
Use reserved vxlan to specify a VXLAN for the VTEP to exchange VXLAN IS-IS packets with other VTEPs.
Use undo reserved vxlan to restore the default.
Syntax
reserved vxlan vxlan-id
undo reserved vxlan
Default
No VXLAN has been reserved.
Views
System view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can specify only one reserved VXLAN on the VTEP. All VSIs on the VTEP use the reserved VXLAN to send and receive VXLAN IS-IS packets.
To exchange VXLAN IS-IS packets, two VTEPs must use the same reserved VXLAN.
The reserved VXLAN cannot be the VXLAN created on any VSI.
Examples
# Specify VXLAN 10000 as the reserved VXLAN for VXLAN IS-IS.
<Sysname> system-view
[Sysname] reserved vxlan 10000
reset vxlan isis
Use reset vxlan isis to clear dynamic VXLAN IS-IS data.
Syntax
reset vxlan isis
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command clears data on the VXLAN IS-IS process, including neighbor information, local and remote MAC reachability information, VXLAN IDs, and the LSDB.
Examples
# Clear dynamic data on the VXLAN IS-IS process.
<Sysname> reset vxlan isis
timer lsp-max-age
Use timer lsp-max-age to specify the maximum lifetime of LSPs generated by the VTEP.
Use undo timer lsp-max-age to restore the default.
Syntax
timer lsp-max-age seconds
undo timer lsp-max-age
Default
The maximum LSP lifetime is 1200 seconds.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Parameters
seconds: Specifies the maximum LSP lifetime in the range of 3 to 65535 seconds.
Usage guidelines
This command specifies the maximum amount of time an LSP generated by the local VXLAN IS-IS process can be valid in an LSDB. When the timer decreases to zero, the LSP is removed from the LSDB.
Examples
# Set the maximum LSP lifetime to 25 minutes (1500 seconds) on the VXLAN IS-IS process.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] timer lsp-max-age 1500
Related commands
display vxlan isis brief
timer lsp-refresh
Use timer lsp-refresh to specify the LSP refresh interval.
Use undo timer lsp-refresh to restore the default.
Syntax
timer lsp-refresh seconds
undo timer lsp-refresh
Default
The LSP refresh interval is 900 seconds.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Parameters
seconds: Specifies an interval in the range of 1 to 65534 seconds.
Usage guidelines
Each VTEP updates the LSPs that they generated at the LSP refresh interval to maintain LSDB consistency across the VXLAN network.
To avoid unnecessary LSP age-outs at remote VTEPs, make sure the LSP refresh interval is shorter than the LSP lifetime.
Examples
# Set the LSP refresh interval to 1500 seconds.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] timer lsp-refresh 1500
Related commands
display vxlan isis brief
timer lsp-max-age
virtual-system
Use virtual-system to create a VXLAN IS-IS virtual system.
Use undo virtual-system to delete a VXLAN IS-IS virtual system.
Syntax
virtual-system systemid
undo virtual-system systemid
Default
No VXLAN IS-IS virtual systems exist.
Views
VXLAN IS-IS view
Predefined user roles
network-admin
Parameters
systemid: Specifies a virtual system ID in XXXX.XXXX.XXXX format. Each X represents a hexadecimal digit.
Usage guidelines
The virtual system ID must be unique among all VTEPs.
The VXLAN IS-IS process sends all local MAC reachability information in one LSP. By default, an LSP can convey a maximum of 55 x 210 MAC address entries.
To increase this number to include all local MAC address entries, create virtual systems. Each virtual system represents an increase of 55 x 210 MAC address entries.
Examples
# Create virtual system 0001.0001.0001.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis] virtual-system 0001.0001.0001
Related commands
display vxlan isis brief
vxlan-isis
Use vxlan-isis to create a VXLAN IS-IS process and enter its view, or enter the view of the existing VXLAN IS-IS process.
Use undo vxlan-isis to delete the VXLAN IS-IS process.
Syntax
vxlan-isis
undo vxlan-isis
Default
The VXLAN IS-IS process does not exist.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can create only one VXLAN IS-IS process.
All settings configured in VXLAN IS-IS view are removed if you delete the VXLAN IS-IS process.
Examples
# Enter VXLAN IS-IS process view.
<Sysname> system-view
[Sysname] vxlan-isis
[Sysname-vxlan-isis]
Related commands
display vxlan isis brief
arp suppression enable,1
bandwidth,24
default,24
description,2
description,25
display arp suppression vsi,3
display interface vsi-interface,26
display l2vpn interface,4
display l2vpn mac-address,6
display l2vpn vsi,7
display vxlan isis brief,45
display vxlan isis graceful-restart status,46
display vxlan isis local-host,48
display vxlan isis local-mac,49
display vxlan isis lsdb,49
display vxlan isis peer,52
display vxlan isis remote-host,52
display vxlan isis remote-mac,53
display vxlan isis remote-vxlan,54
display vxlan isis tunnel,55
display vxlan neighbor-discovery client member,35
display vxlan neighbor-discovery client statistics,37
display vxlan neighbor-discovery client summary,38
display vxlan neighbor-discovery server member,39
display vxlan neighbor-discovery server statistics,40
display vxlan neighbor-discovery server summary,40
display vxlan tunnel,9
distributed-gateway local,29
flooding disable,11
gateway subnet,29
gateway vsi-interface,30
graceful-restart,56
graceful-restart interval,57
host-mac-learning enable,58
host-synchronization enable,58
interface vsi-interface,31
l2vpn enable,11
l2vpn rewrite inbound tag,12
local-host proxy enable,59
log-peer-change enable,59
mac-address,31
mac-address static,13
mac-synchronization enable,60
mtu,32
mtu,14
negotiate-vni enable,61
network-id,41
overlay isis ded-priority,61
overlay isis timer csnp,62
overlay isis timer hello,63
overlay isis timer holding-multiplier,63
overlay isis timer lsp,64
reserved vxlan,65
reset arp suppression vsi,15
reset counters interface vsi-interface,32
reset l2vpn mac-address,15
reset vxlan isis,66
selective-flooding mac-address,16
shutdown,33
shutdown,16
timer lsp-max-age,66
timer lsp-refresh,67
tunnel,17
tunnel global source-address,18
virtual-system,67
vsi,19
vtep group member local,33
vtep group member remote,34
vxlan,19
vxlan invalid-udp-checksum discard,20
vxlan invalid-vlan-tag discard,21
vxlan local-mac report,21
vxlan neighbor-discovery authentication,42
vxlan neighbor-discovery client enable,43
vxlan neighbor-discovery client register-interval,43
vxlan neighbor-discovery server enable,44
vxlan tunnel arp-learning disable,35
vxlan tunnel mac-learning disable,22
vxlan udp-port,22
vxlan-isis,68
xconnect vsi,23
