No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VXLAN Configuration Commands

VXLAN Configuration Commands

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE6880EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI switches support VXLAN.

active-active-gateway

Function

The active-active-gateway command creates all-active gateways and displays the all-active gateway view.

The undo active-active-gateway command deletes all-active gateways.

By default, no all-active gateway is created.

Format

active-active-gateway

undo active-active-gateway

Parameters

None

Views

DFS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Generally, multiple gateways are deployed on a VXLAN network to ensure high reliability. In traditional solutions, gateways work in active/standby mode and only the active gateway can forward traffic, resulting in low gateway utilization. VXLAN all-active gateways can improve gateway utilization.

To implement VXLAN all-active gateways, configure the same IP address for multiple gateways for establishing VXLAN tunnels with access devices. In this way, the gateways are virtualized into one device, and they establish neighbor relationships. When access devices send traffic to the gateway address, traffic is load balanced to these gateways through ECMP, implementing traffic-based load balancing.

Follow-up Procedure

Run the peer ip-address [ vpn-instance vpn-instance-name ] command to configure the IP address of an all-active gateway peer.

Precautions

You need to run this command on each gateway only when centralized all-active gateways are deployed on a VXLAN network.

After you delete a DFS group, the all-active gateway configuration in the group is deleted simultaneously.

Example

# Create all-active gateways in DFS group 1 and enter the all-active gateway view.

<HUAWEI> system-view
[~HUAWEI] dfs-group 1
[*HUAWEI-dfs-group-1] active-active-gateway
[*HUAWEI-dfs-group-1-active-active-gateway] 

alarm-threshold route

Function

The alarm-threshold route command sets a threshold and log recovery percentage for the number of EVPN routes.

The undo alarm-threshold route command cancels the settings.

By default, the threshold and log recovery percentage for the number of EVPN routes are not configured.

Format

alarm-threshold route route-number [ recovery-percentage percentage ]

undo alarm-threshold route route-number [ recovery-percentage percentage ]

Parameters

Parameter Description Value
route-number Specifies the threshold for the number of EVPN routes. The value is an integer ranging from 1 to 4294967295.
recovery-percentage percentage Specifies the log recovery percentage. The value is an integer ranging from 1 to 95. After the threshold for the number of EVPN routes is set, the log recovery percentage is 80 by default.

Views

BGP-EVPN address family view or BGP multi-instance EVPN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a distributed VXLAN gateway is deployed, EVPN serves as the control plan to deliver routes. As more and more hosts access the gateway, routes stored on the control plane increase greatly, consuming a lot of memory resources. To better monitor the impact of an increase in route quantity on memory and prevent device restart caused by memory insufficiency, run the alarm-threshold route command to set a threshold for the number of routes. When the number of routes exceeds the threshold, a user log will be generated. When the number of routes equals the log recovery percentage, a recovery log will be generated.

Example

# Set a threshold and log recovery percentage for the number of EVPN routes.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] alarm-threshold route 10000 recovery-percentage 90

authentication (EVN BGP view)

Function

The authentication command configures MD5 or Keychain authentication for EVN BGP peers when they set up a TCP connection.

The undo authentication command deletes an authentication mode of EVN BGP peers.

By default, no authentication mode is configured.

Format

authentication { md5 [ cipher ] cipher-password | keychain keychain-name }

undo authentication { md5 [ cipher ] | keychain }

Parameters

Parameter Description Value
md5 Specifies MD5 cipher-text authentication mode. -
cipher Specifies the cipher-text password. -
cipher-password Specifies the password.

The value is a string of case-sensitive characters without spaces. The length of a plain-text password ranges from 1 to 255, and the length of a cipher-text password is 20 to 432. When double quotation marks are used around the string, spaces are allowed in the string.

keychain keychain-name Specifies the Keychain name. The value is a string of 1 to 47 case-insensitive characters except question marks (?) and spaces. However, when double quotation marks (") are used to include the string, spaces are allowed in the string.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

EVN BGP uses TCP as the transport layer protocol. For security purposes, run the authentication command to configure MD5 or Keychain authentication for EVN BGP peers when they set up a TCP connection.

Precautions

MD5 authentication and Keychain authentication cannot be configured simultaneously on an EVN BGP peer.

Example

# Configure Keychain authentication for EVN BGP peers when they set up a TCP connection.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] authentication keychain abc

arp broadcast-suppress enable

Function

The arp broadcast-suppress enable command enables ARP broadcast suppression in a BD. This function allows a gateway to unicast the ARP broadcast packets received in a BD, preventing network congestion.

The undo arp broadcast-suppress enable command disables ARP broadcast suppression in a BD.

By default, ARP broadcast suppression is disabled in a BD.

Format

arp broadcast-suppress [ mismatch-discard ] enable

undo arp broadcast-suppress [ mismatch-discard ] enable

Parameters

Parameter Description Value
mismatch-discard

Indicates that the device drops packets that do not match any entries in the ARP broadcast suppression table.

-

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a gateway receives a large number of ARP requests within a short period and broadcasts the ARP requests in a BD, excessive ARP requests are forwarded. As a result, excessive network resources are used, and traffic congestion may occur. ARP broadcast suppression can effectively ease the pressure on gateways in handling ARP packets.

ARP broadcast suppression can effectively ease the pressure on gateways in handling ARP packets. After receiving an ARP request, a gateway searches the broadcast suppression table that contains the mapping between the IP and MAC addresses of each destination device.
  • If a matching entry is found, the gateway replaces the broadcast MAC address in the received ARP request with the MAC address of the destination device, and then sends the request out through the interface matching the destination MAC address.
  • If a matching entry is not found:
    • The gateway broadcasts the ARP request in the BD if the mismatch-discard parameter is not set in the arp broadcast-suppress enable command.
    • The gateway drops the ARP request if the mismatch-discard parameter is set in the arp broadcast-suppress enable command.

Precautions

The implementation of ARP broadcast suppression depends on the ARP broadcast suppression table stored on a gateway. If such a table is unavailable on a gateway and the arp broadcast-suppress enable command is run, the gateway handles all received ARP requests based on whether the mismatch-discard parameter is set in the arp broadcast-suppress enable command. If both the arp broadcast-suppress enable and arp broadcast-suppress mismatch-discard enable commands are run, only the configuration of the later executed command takes effect.

VLAN-BD binding is exclusive with ARP broadcast suppression. Therefore, do not enable ARP broadcast suppression after the l2 binding vlan vlan-id command is run to configure VXLAN service access.

The arp broadcast-suppress enable command cannot be used with the arp copy-to-controller enable or arp redirect-to-controller enable command.

Example

# Enable ARP broadcast suppression in BD 10.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] arp broadcast-suppress enable

# Enable ARP broadcast suppression in BD 20.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 20
[*HUAWEI-bd20] arp broadcast-suppress mismatch-discard enable

arp collect host enable

Function

The arp collect host enable command enables EVN BGP or BGP EVPN to collect host information.

The undo arp collect host enable command disables EVN BGP or BGP EVPN from collecting host information.

By default, EVN BGP or BGP EVPN is disabled from collecting host information.

Format

arp collect host enable

undo arp collect host enable

Parameters

None

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When tenants access each other for the first time, they send ARP requests. These ARP requests are broadcast on Layer 2 networks and may cause a broadcast storm. To prevent this problem, ARP broadcast suppression can be enabled on Layer 2 VXLAN gateways. However, ARP broadcast suppression replies on the host information table (containing the host IP address, MAC address, VETP address, and VNI ID) on a Layer 3 gateway.

To allow a Layer 3 VXLAN gateway to obtain host information, run the arp collect host enable command in the VBDIF interface view to enable EVN BGP or BGP EVPN to collect host information.

In distributed VXLAN gateway (BGP EVPN) scenarios, if VXLAN gateways advertise IRB routes to each other, run the arp collect host enable command for host route advertisement.

Follow-up Procedure

Run the arp broadcast-suppress enable command on a Layer 2 gateway to enable ARP broadcast suppression.

Example

# Enable EVN BGP or BGP EVPN on VBDIF 10 to collect host information.

<HUAWEI> system-view
[~HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] arp collect host enable

arp copy-to-controller enable

Function

The arp copy-to-controller enable command enables the device to copy the received ARP packets to the Agile Controller-DCN using the OpenFlow protocol.

The undo arp copy-to-controller enable command disables the device from copying the received ARP packets to the Agile Controller-DCN using the OpenFlow protocol.

By default, the device does not copy the received ARP packets to the Agile Controller-DCN.

Format

arp copy-to-controller enable

undo arp copy-to-controller enable

Parameters

None

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the VXLAN centralized gateway scenario, if a gateway or host receives a large number of ARP packets in a short period and needs to process the packets, the CPU usage will be increased. As a result, network performance deteriorates and user services are affected.

After you run this command on the VXLAN tunnel source, the VXLAN tunnel source copies ARP packets received from tenants to the Agile Controller-DCN using the OpenFlow protocol. The Agile Controller-DCN uniformly responds to the ARP packets to achieve unified network management, which helps the Agile Controller-DCN obtain location information of tenants.

Precautions

To make the function take effect, ensure that the VXLAN service has been deployed for the basic network on the Agile Controller-DCN.

The arp copy-to-controller enable command cannot be used with the arp redirect-to-controller enable/arp broadcast-suppress enable command.

Example

# Enable the device to copy the received ARP packets to the Agile Controller-DCN using the OpenFlow protocol in BD 10.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] arp copy-to-controller enable

arp distribute-gateway enable

Function

The arp distribute-gateway enable command enables the distributed gateway function.

The undo arp distribute-gateway enable command disables the distributed gateway function.

By default, the distributed gateway function is disabled.

Format

arp distribute-gateway enable

undo arp distribute-gateway enable

Parameters

None

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To configure a gateway to function as a distributed gateway and learn only the ARP packets sent by the user-side host, run the arp distribute-gateway enable command to enable the distributed gateway function. After this function is enabled:
  • The gateway processes only ARP packets sent by user-side interfaces and advertises host routes.

  • The gateway deletes the ARP packets sent by network-side interfaces as well as the associated host routes.

Configuration Impact

After the distribution gateway function is enabled:
  • Static ARP entries on the network side fail to be configured on the gateway.
  • If multiple gateways have the same IP address, after this command is run to enable the distributed gateway function on a gateway, this gateway does not report an ARP conflict.

Example

# Enable the distributed gateway function on an interface named vbdif 10.
<HUAWEI> system-view
[~HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] arp distribute-gateway enable

arp import host untrust

Function

The arp import host untrust command enables a forwarder to generate ARP entries based on the OpenFlow table delivered by the Agile Controller-DCN (AC-DCN controller).

The undo arp import host command disables a forwarder from generating ARP entries based on the OpenFlow table delivered by the AC-DCN controller.

By default, a forwarder does not generate ARP entries based on the OpenFlow table delivered by the AC-DCN controller.

Format

arp import host untrust

undo arp import host [ untrust ]

Parameters

None

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Whether a forwarder generates ARP entries based on the OpenFlow table delivered by the AC-DCN controller is determined by user configuration. To enable a forwarder to generate ARP entries based on the OpenFlow table delivered by the AC-DCN controller, run the arp import host untrust command.
  • If the information in the OpenFlow table is consistent with the dynamic ARP entries on the forwarder, the forwarder changes the type of the dynamic ARP entries to OpenFlow.

    NOTE:

    ARP entries of the OpenFlow type are similar to static ARP entries, the forwarder does not age out the ARP entries of the OpenFlow type.

  • If the information in the OpenFlow table is inconsistent with the dynamic ARP entries on the forwarder, the forwarder trusts the learned dynamic ARP entries, instead of generating new ARP entries based on the OpenFlow table.
  • If dynamic ARP entries do not exist on the forwarder, the forwarder simply generates ARP entries of the OpenFlow type based on the OpenFlow table.

Example

# On interface VBDIF 10, configure a forwarder to generate ARP entries based on the OpenFlow table delivered by the AC-DCN controller.

<HUAWEI> system-view
[~HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] arp import host untrust

arp miss disable

Function

The arp miss disable command disables a VBDIF interface from sending ARP Miss messages.

The undo arp miss disable command enables a VBDIF interface to send ARP Miss messages.

By default, a VBDIF interface can send ARP Miss messages.

Format

arp miss disable

undo arp miss disable

Parameters

None

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the device wants to communicate with another device in the same network segment, it queries ARP entries to direct packet forwarding. If the device fails to find the corresponding ARP entry from the forwarding plane, it sends an ARP Miss message to the CPU. The ARP Miss message will trigger the device to send an ARP broadcast packet to start ARP learning. In some cases, customers may want to limit the number of broadcast packets on the VXLAN network. You can then disable a VBDIF interface from sending ARP Miss messages to achieve this purpose.

After a VBDIF interface is disabled from sending ARP Miss messages, the device cannot learn ARP entries from this VBDIF interface, so ARP entries must be manually configured on it.

Example

# Disable a VBDIF interface from sending ARP Miss messages.

<HUAWEI> system-view
[~HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] arp miss disable

arp redirect-to-controller enable

Function

The arp redirect-to-controller enable command enables the device to redirect ARP packets to the Agile Controller-DCN using the OpenFlow protocol.

The undo arp redirect-to-controller enable command disables the device from redirecting ARP packets to the Agile Controller-DCN using the OpenFlow protocol.

By default, the device does not redirect ARP packets to the Agile Controller-DCN.

NOTE:

The CE6870EI and CE6880EI do not support this command.

Format

arp redirect-to-controller enable

undo arp redirect-to-controller enable

Parameters

None

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In the VXLAN centralized gateway scenario, if a gateway or host receives a large number of ARP packets in a short period and needs to process the packets, the CPU usage will be increased. As a result, network performance deteriorates and user services are affected.

After you run this command on the VXLAN tunnel source, the VXLAN tunnel source redirects ARP packets received from tenants to the Agile Controller-DCN using the OpenFlow protocol. The Agile Controller-DCN uniformly responds to the ARP packets to achieve unified network management, which helps the Agile Controller-DCN obtain location information of tenants.

Precautions

To make the command to take effect, ensure that the VXLAN service deployment has been complete on the Agile Controller-DCN.

The arp redirect-to-controller enable command cannot be used with the arp copy-to-controller enable or arp broadcast-suppress enable command.

Example

# Enable the device to redirect the received ARP packets to the AC using the OpenFlow protocol in BD 10.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] arp redirect-to-controller enable

arp static vni

Function

The arp static vni command configures a static address resolution protocol (ARP) entry for a VXLAN tunnel.

The undo arp static vni command deletes a static ARP entry of a VXLAN tunnel.

By default, no static ARP entry is configured for any VXLAN tunnel.

Format

arp static ip-address mac-address vni vni-id source-ip source-ip peer-ip peer-ip

undo arp static ip-address mac-address vni vni-id source-ip source-ip peer-ip peer-ip

Parameters

Parameter Description Value
ip-address

Specifies a destination IP address.

The value is in dotted decimal notation.
mac-address

Specifies a destination MAC address to be mapped to a specified destination IP address.

The value is in the format of H-H-H. Each H is a 4-bit hexadecimal number, such as 00e0 or fc01. If an H contains less than four digits, 0s are added ahead. For example, e0 is equal to 00e0.
vni-id Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

source-ip source-ip Specifies the IP address of a source VTEP. The value is in dotted decimal notation.
peer-ip peer-ip Specifies the IP address of a remote VTEP. The value is in dotted decimal notation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Static ARP entries are manually configured and maintained. They can be neither aged nor overwritten by dynamic ARP entries. To enhance communication security, run the arp static vni command on a VXLAN Layer 3 gateway to configure a static ARP entry. If a static ARP entry is configured on a device, the device can communicate with a peer device only using the MAC address mapped to the peer device's IP address. Network attackers cannot modify the mapping between the IP and MAC addresses using ARP messages, ensuring communication between the two devices.

Prerequisites

VXLAN tunnels have been established, and Layer 3 gateways have been configured.

Precautions

ip-address specified in this command must belong to the same network segment as the IP address of the outbound interface.

Example

# Configure a static ARP entry for a VXLAN tunnel, mapping IP address 10.0.0.1 to MAC address aa-fcc-12.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] vxlan vni 5000
[*HUAWEI-bd10] quit
[*HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] ip address 10.0.0.10 255.255.255.0
[*HUAWEI-Vbdif10] quit
[*HUAWEI] interface nve 1
[*HUAWEI-Nve1] source 1.1.1.1
[*HUAWEI-Nve1] vni 5000 head-end peer-list 2.2.2.2
[*HUAWEI-Nve1] quit
[*HUAWEI] arp static 10.0.0.1 aa-fcc-12 vni 5000 source-ip 1.1.1.1 peer-ip 2.2.2.2

assign forward nvo3 acl extend enable

Function

The assign forward nvo3 acl extend enable command enables the NVO3 ACL extension function.

The undo assign forward nvo3 acl extend enable command disables the NVO3 ACL extension function.

By default, the NVO3 ACL extension function is disabled.

If you configure the NVO3 ACL extension function on a VXLAN-enabled switch, ACL resources are optimized to reduce ACL resources occupied by the VXLAN service. You are advised to configure this command after the VXLAN service is deployed.

NOTE:

Only the CE6870EI supports this command.

Format

assign forward nvo3 acl extend enable

undo assign forward nvo3 acl extend enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, the NVO3 ACL extension function is disabled. If you configure other ACL-consuming services, such as MQC, simplified ACL, traffic policing, and BD traffic statistics collection, on the device deployed with NVO3 services, there is high probability that the other services fail to be configured. You can enable the NVO3 ACL extension function to lower the configuration failure probability.

Precautions

After you run this command to enable the NVO3 ACL extension function, you need to restart the device to make the configuration take effect.

Example

# Enable the NVO3 ACL extension function.

<HUAWEI> system-view
[~HUAWEI] assign forward nvo3 acl extend enable

assign forward nvo3 ecmp hash enable

Function

The assign forward nvo3 ecmp hash enable command enables load balancing of NVO3 packets through ECMP in optimized mode.

The undo assign forward nvo3 ecmp hash enable command disables load balancing of NVO3 packets through ECMP in optimized mode.

By default, load balancing of NVO3 packets through ECMP in optimized mode is disabled.

NOTE:

Only the CE6870EI supports this command.

Format

assign forward nvo3 ecmp hash enable

undo assign forward nvo3 ecmp hash enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When ECMP is used to load balance NVO3 packets on an NVO3-enabled network, run this command to enable load balancing or improve the load balancing effect.

Example

# Enable load balancing of NVO3 packets through ECMP in optimized mode.

<HUAWEI> system-view
[~HUAWEI] assign forward nvo3 ecmp hash enable

assign forward nvo3 eth-trunk hash enable

Function

The assign forward nvo3 eth-trunk hash enable command enables an Eth-Trunk to load balance NVO3 packets in optimized mode.

The undo assign forward nvo3 eth-trunk hash enable command disables an Eth-Trunk from load balancing NVO3 packets in optimized mode.

By default, an Eth-Trunk does not load balance NVO3 packets in optimized mode.

NOTE:

Only the CE6870EI supports this function.

Format

assign forward nvo3 eth-trunk hash enable

undo assign forward nvo3 eth-trunk hash enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When Eth-Trunks are used to load balance NVO3 packets on an NVO3-enabled network, run this command to enable load balancing or improve the load balancing effect.

Example

# Enable an Eth-Trunk to load balance NVO3 packets in optimized mode.

<HUAWEI> system-view
[~HUAWEI] assign forward nvo3 eth-trunk hash enable

bfd enable

Function

The bfd enable command enables Bidirectional Forwarding Detection (BFD) on an EVN BGP peer.

The undo bfd enable command disables BFD.

By default, BFD is disabled on an EVN BGP peer.

Format

bfd enable

undo bfd enable

Parameters

None

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

EVN BGP uses fast detection of BFD to quickly detect link faults between EVN BGP peers, improving the network convergence speed.

Precautions

A BFD session can be established only when the EVN BGP peers are in Established state.

Before enabling BFD on an EVN BGP peer, run the bfd command in the system view to enable BFD.

Follow-up Procedure

After BFD is enabled using the bfd enable command, BFD parameters use the default settings. To modify BFD parameters, run the bfd (EVN BGP view) command.

Example

# Enable BFD on an EVN BGP peer.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] bfd enable

bfd (EVN BGP view)

Function

The bfd command sets BFD parameters on an EVN BGP peer.

The undo bfd command restores the default values for BFD parameters.

By default, BFD parameters use default values.

Format

bfd { min-tx-interval min-tx-interval | min-rx-interval min-rx-interval | detect-multiplier multiplier } *

undo bfd { min-tx-interval | min-rx-interval | detect-multiplier } *

Parameters

Parameter Description Value
min-tx-interval min-tx-interval Specifies the interval for sending BFD packets.

The value is an integer ranging from 50 to 1000, in milliseconds. The default value is 1000. It is recommended that the default value be used.

min-rx-interval min-rx-interval Specifies the interval for receiving BFD packets.

The value is an integer ranging from 50 to 1000, in milliseconds. The default value is 1000. It is recommended that the default value be used.

detect-multiplier multiplier Specifies the local detection multiplier. The value is an integer that ranges from 3 to 50. The default value is 3.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

BFD can provide millisecond-level fault detection by configuring BFD parameters. When working with EVN BGP, it can rapidly detect faults between EVN BGP peers, and instruct EVN BGP to recalculate routes for correct packet forwarding.

Precautions

If you run bfd command multiple times, only the latest configuration takes effect.

Example

# Set BFD parameters.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 5

bfd bind vxlan peer-ip

Function

The bfd bind vxlan peer-ip command creates BFD for VXLAN session binding information and displays the BFD session view.

The undo bfd session-name command deletes a BFD for VXLAN session and its binding information.

By default, no BFD for VXLAN sessions are created.

Format

bfd session-name bind vxlan peer-ip peer-ip-address source-ip source-ip-address peer-mac peer-mac-address auto

undo bfd session-name

Parameters

Parameter Description Value
session-name Specifies the name of a BFD session.
The value is a string of 1 to 15 case-sensitive characters without spaces.
NOTE:

When double quotation marks are used around the string, spaces are allowed in the string.

peer-ip peer-ip-address Specifies the destination VTEP IP address of a VXLAN tunnel to be monitored by a BFD session. The value is in dotted decimal notation.
source-ip source-ip-address Specifies the source VTEP IP address of a VXLAN tunnel to be monitored by a BFD session. The value is a unicast address in dotted decimal notation.
peer-mac peer-mac-address Specifies the destination VTEP MAC address of a VXLAN tunnel to be monitored by a BFD session. -
auto Enables the auto-negotiation function for static discriminators. -

Views

System View

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To use BFD to monitor VXLAN tunnel connectivity for VXLAN tunnel protection switching, create a BFD for VXLAN session on a VXLAN gateway.

peer-ip-address and source-ip-address respectively represent the destination and source VTEP IP addresses of a VXLAN tunnel to be monitored by a BFD session and are written into the inner IP headers of BFD packets.

A destination VTEP bridge MAC address or multicast MAC address must be specified for peer-mac-address. The value of this parameter is written into the inner destination MAC address field of BFD packets, so that the peer VTEP can receive and process the BFD packets.

Prerequisites

BFD has been enabled globally using the bfd command run in the system view.

Follow-up Procedure

After a static BFD session with automatically negotiated discriminators is created, optionally perform the following operations in the BFD view:

  • Run the min-tx-interval command to set a desired minimum interval at which BFD packets are sent.
  • Run the min-rx-interval command to set a desired minimum interval at which BFD packets are received.
  • Run the detect-multiplier command to set a local detection multiplier for the BFD session.
  • Run the wtr command to set the WTR time for the BFD session.

Precautions

You do not need to configure local and remote discriminators for BFD for VXLAN sessions.

Only one BFD for VXLAN session can be established between a pair of VTEPs, and the VNI for the VXLAN must be 0.

BFD cannot be used to check VXLAN tunnel connectivity when M-LAG-enabled devices have the same VTEP address.

Example

# Create a BFD for VXLAN session named atob to monitor the VXLAN tunnel with the source VTEP IP address 2.2.2.2, destination VTEP IP address 4.4.4.4, and destination VTEP MAC address 3883–2021–1200.

<HUAWEI> system-view
[~HUAWEI] bfd
[*HUAWEI-bfd] quit
[*HUAWEI] bfd atob bind vxlan peer-ip 4.4.4.4 source-ip 2.2.2.2 peer-mac 3883-2021-1200 auto
[*HUAWEI-bfd-session-atob]

bridge-domain (System view)

Function

The bridge-domain command creates a bridge domain (BD) and displays the BD view, or directly displays the BD view if the BD exists.

The undo bridge-domain command deletes a BD.

By default, no BD is created.

Format

bridge-domain bd-id

undo bridge-domain bd-id

Parameters

Parameter Description Value
bd-id Specifies a BD ID. The value is an integer ranging from 1 to 16777215.
NOTE:
The number of BDs supported by a switch is as follows:
  • CE7850EI, CE6850HI, CE6850U-HI, and CE6851HI: 4000
  • CE6855HI, CE6856HI, CE6860EI, CE6880EI, CE7855EI, CE8850EI, and CE8860EI: 8000
  • CE6870EI:
    • When the large Layer 3 interface mode is not configured: 8000
    • When the large Layer 3 interface mode is configured and ARP resource allocation is in non-extended mode: 32000
    • When the large Layer 3 interface mode is configured and ARP resource allocation is in extended mode: 8000

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A virtual network (VN) on a VXLAN is a virtual broadcast domain. VXLAN network identifiers (VNIs) identifying VNs must be mapped to BDs in 1:1 mode so that a BD can function as a VXLAN network entity to transmit VXLAN traffic. To create a BD, run the bridge-domain command.

Follow-up Procedure

Run the interface vbdif bd-id command to create a Layer 3 VBDIF interface for a BD. A BD functions similar to a VLAN as a broadcast domain. A VBDIF interface, also similar to a VLANIF interface, can be used for Layer 2 termination and Layer 3 access.

Example

# Create a BD with the ID of 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10

bridge-domain (Layer 2 sub-interface view)

Function

The bridge-domain command adds a Layer 2 sub-interface to a bridge domain (BD).

The undo bridge-domain command removes a Layer 2 sub-interface from a BD.

By default, no Layer 2 sub-interface is added to any BD.

Format

bridge-domain bd-id

undo bridge-domain

Parameters

Parameter Description Value
bd-id Specifies a BD ID. The value is an integer ranging from 1 to 16777215.

Views

Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To allow service packets to be transmitted through a BD, run the bridge-domain command to add a Layer 2 sub-interface to the BD.

Prerequisites

  1. A BD has been created using the bridge-domain bd-id command in the system view.
  2. An Layer 2 sub-interface has been created using the interface interface-type interface-number.subnum mode l2 command in the system view.

Precautions

Each Layer 2 sub-interface belongs to only one BD.

Example

# Add 10GE1/0/1.1 to a BD with the ID of 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface 10ge1/0/1.1 mode l2
[*HUAWEI-10GE1/0/1.1] bridge-domain 10

description (BD view)

Function

The description command configures a description for a bridge domain (BD).

The undo description command deletes the description of a BD.

By default, no description is configured for any BD.

Format

description description

undo description

Parameters

Parameter Description Value
description Specifies a description. The value is a string of 1 to 80 case-sensitive characters, spaces supported.

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

If the bridge-domain bd-id command has been run several times to configure multiple BDs, run the description command to configure a description for each BD. The description helps rapidly understand the BD's function, which facilitates service management.

Example

# Configure the description VXLAN for the BD with the ID of 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] description VXLAN

display arp broadcast-suppress user bridge-domain

Function

The display arp broadcast-suppress user bridge-domain command displays ARP broadcast suppression entries in a BD.

Format

display arp broadcast-suppress user bridge-domain bd-id

Parameters

Parameter Description Value
bd-id Displays ARP broadcast suppression entries in a specified BD. The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

ARP broadcast suppression can effectively ease the pressure on gateways in handling ARP packets. If ARP broadcast suppression is enabled, a gateway checks whether host information corresponding to the destination IP address (mapping between the IP address and MAC address of the peer device) exists upon receipt of an ARP request.
  • If such mapping exists, the gateway replaces the broadcast MAC address in the ARP request with the MAC address of the peer device and then sends the ARP request through the interface corresponding to the MAC address of the peer device.
  • If such mapping does not exist, the gateway broadcasts the ARP request in the BD as usual.

To view ARP broadcast suppression entries in a specified BD, run the display arp broadcast-suppress user bridge-domain command.

Example

# Display ARP broadcast suppression entries in BD 5.
<HUAWEI> display arp broadcast-suppress user bridge-domain 5
Flags: S - Static, D - Dynamic, C - Conflict
Total:4
------------------------------------------------------------------------
IP Address      MAC Address     Vtep IP             Flags 
------------------------------------------------------------------------
10.1.1.5        0005-0005-0005  1.1.1.1             S 
10.1.1.1        3853-d121-0110  1.1.1.1             D 
10.1.1.2        0002-0002-0002  1.1.1.1             D 
10.1.1.3        0001-0c01-0101  2.2.2.2             C 
------------------------------------------------------------------------
Table 13-1  Description of the display arp broadcast-suppress user bridge-domain command output

Item

Description

Flags

Type of an ARP broadcast suppression entry
  • S: Static. The ARP broadcast suppression entry is manually configured.

  • D: Dynamic. The ARP broadcast suppression entry is an ARP snooping binding entry.

  • C: Conflict. The ARP broadcast suppression entry is a conflicting entry, indicating that this entry changes frequently.

Total

Total number of ARP broadcast suppression entries in the BD

IP Address

IP address of an ARP broadcast suppression entry

MAC Address

MAC address of an ARP broadcast suppression entry

Vtep IP

Source VTEP address of a VXLAN tunnel

display arp openflow

Function

The display arp openflow command displays a device's ARP entries that are generated based on an AC controller-delivered OpenFlow flow tables.

Format

display arp openflow [ vni vni-id ] [ ip ip-address ]

Parameters

Parameter Description Value
vni vni-id Displays ARP entries with a specified VNI.

The value is an integer ranging from 1 to 16000000.

ip ip-address Displays the ARP entry with a specified IP address. The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After the arp import host untrust command is run to enable a device to generate ARP entries based on an AC controller-delivered OpenFlow flow tables, you can run the display arp openflow command to check the ARP entries.

Example

# Display a device's ARP entries that are generated based on an AC controller-delivered OpenFlow flow tables.
<HUAWEI> display arp openflow
Total number of hosts: 5
-------------------------------------------------------------
VniId       IP Address       MAC Address     VtepIP
-------------------------------------------------------------
5000        10.1.1.48        0001-0203-0405  10.2.2.2         
5000        10.1.1.47        0001-0203-0405  10.2.2.2         
5000        10.1.1.46        0001-0203-0405  10.2.2.2         
5000        10.1.1.45        0001-0203-0405  10.2.2.2         
5000        10.1.1.44        0001-0203-0405  10.2.2.2
Table 13-2  Description of the display arp openflow command output

Item

Description

Total number of hosts

Total number of vms on a device

VniId

VNI ID

IP Address

VM IP address

MAC Address

VM MAC address

VtepIP

Local VTEP's IP address

display arp packet statistics bridge-domain

Function

The display arp packet statistics bridge-domain command displays statistics about ARP packets in a bridge domain (BD).

Format

display arp packet statistics bridge-domain bd-id

Parameters

Parameter Description Value
bridge-domain bd-id Displays statistics about ARP packets in a BD with a specified ID. The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To view statistics about ARP packets in a BD, run the display arp packet statistics bridge-domain command.

Precautions

To ensure that the statistics displayed using the display arp packet statistics bridge-domain are valid, first run the reset arp packet statistics bridge-domain command to clear historical statistics.

Example

# Display statistics about ARP packets in BD 10.

<HUAWEI> display arp packet statistics bridge-domain 10
ARP Packets Received
  Total:                                 0  
  ARP Pkt Revceive Request:              0
  ARP Pkt Revceive Gratuitous:           0
  ARP Pkt Revceive Gateway-mac Proxy:    0
  Discard For Host Mismatch:             0
  Discard For Other:                     0 
ARP Packets Sent
  Total:     
  ARP Pkt Send Unicast:                  0   
  ARP Pkt Send Broadcast:                0 
  ARP Pkt Send Gratuitous:               0   
  ARP Pkt Send Gateway-mac Proxy:        0
Table 13-3  Description of the display arp packet statistics bridge-domain command output

Item

Description

ARP Packets Received

ARP packets received in a BD

Total

Total count

ARP Pkt Revceive Request

Number of received request packets (gratuitous ARP packets and gateway proxy packets excluded)

ARP Pkt Revceive Gratuitous

Number of received gratuitous ARP packets

ARP Pkt Revceive Gateway-mac Proxy

Number of received gateway proxy packets

Discard For Host Mismatch

Number of packets discarded due to mismatch in broadcast suppression

Discard For Other

Number of packets discarded due to other reasons

ARP Packets Sent

ARP packets sent in a BD

ARP Pkt Send Unicast

Number of sent unicast packets

ARP Pkt Send Broadcast

Number of sent broadcast packets (gratuitous ARP packets and gateway proxy packets excluded)

ARP Pkt Send Gratuitous

Number of sent gratuitous ARP packets

ARP Pkt Send Gateway-mac Proxy

Number of sent gateway proxy packets

display bgp evpn peer

Function

The display bgp evpn peer command displays information about BGP EVPN peers.

Format

display bgp evpn peer [ [ ipv4-address ] verbose ]

display bgp instance instance-name evpn peer [ [ ipv4-address ] verbose ]

Parameters

Parameter Description Value
ipv4-address Displays the information about BGP EVPN peers of a specified IPv4 address. The value is in dotted decimal notation.
verbose Displays the detailed information about BGP EVPN peers. -
instance instance-name Displays the information about BGP EVPN peers of a specified BGP instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check the following information about BGP EVPN peers, run the display bgp evpn peer command:
  • Status of connections between BGP EVPN peers
  • Configuration information about BGP EVPN peers
  • Whether BGP EVPN peers are successfully configured using the peer enable command
  • Whether BGP EVPN peers are successfully deleted using the undo peer enable command

Example

# Display information about BGP EVPN peers.

<HUAWEI> display bgp evpn peer
 BGP local router ID : 3.3.3.3
 Local AS number : 100
 Total number of peers : 3                 Peers in established state : 3

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  1.1.1.1         4         100     4456     3196     0 0045h29m Established        5
  2.2.2.2         4         100     4447     3202     0 0045h29m Established        5
  4.4.4.4         4         100     4452     3206     0 0045h29m Established        4
Table 13-4  Description of the display bgp evpn peer command output

Item

Description

BGP Local router ID

Local BGP EVPN router ID

local AS number

Local AS number

Total number of peers

Number of peers

Peers in established state

Number of peers in the Established state

Peer

IP address of a peer

V

BGP version of a peer

AS

Autonomous system number

MsgRcvd

Number of messages received

MsgSent

Number of messages sent

OutQ

Number of messages to be sent to a peer

Up/Down

Duration in which the BGP EVPN session remains in the current state

State

Current BGP EVPN status:
  • Idle: BGP EVPN denies any connection request. This is the initial state of BGP EVPN.

    After BGP EVPN receives a start event, BGP EVPN initiates a TCP connection to a peer, starts the ConnectRetry timer, and listens to the TCP messages from the peer. BGP EVPN then enters the Connect state.

  • Connect: BGP EVPN is waiting for the TCP connection establishment to complete before performing further actions.

    If the TCP connection is successfully established, BGP EVPN stops the ConnectRetry timer and sends an Open message to the peer. BGP EVPN then enters the Opensent state.

    If the TCP connection fails to be established, BGP EVPN resets the ConnectRetry timer and listens to the TCP connection initiated by the peer. BGP EVPN then enters the Active state.

    If the ConnectRetry timer expires, BGP EVPN restarts the ConnectRetry timer and attempts to establish a TCP connection with the peer again. At this time, BGP EVPN remains in the Connect state.

  • Active: BGP EVPN attempts to establish a TCP connection. This is the intermediate state of BGP EVPN.

    If the TCP connection is successfully established, BGP EVPN resets the ConnectRetry timer and sends an Open message to the peer. BGP EVPN then enters the Opensent state.

    If the ConnectRetry timer expires, BGP EVPN restarts the ConnectRetry timer and enters the Connect state.

    If BGP EVPN attempts to establish a TCP connection with an unknown IP address but fails, BGP EVPN resets the ConnectRetry timer and remains in the Active state.

  • OpenSent: BGP EVPN has sent an Open message to the peer and is now waiting for an Open message from the peer.

    If BGP EVPN receives a correct Open message, BGP EVPN enters the OpenConfirm state.

    If BGP EVPN receives an incorrect Open message, BGP EVPN sends a Notification message to the peer and enters the Idle state.

    If BGP EVPN receives a TCP connection teardown message, BGP EVPN resets the ConnectRetry timer and listens to the TCP connection initiated by the peer. BGP EVPN then enters the Active state.

  • OpenConfirm: BGP EVPN is waiting for a Notification or Keepalive message.

    If BGP EVPN receives a Notification or TCP connection teardown message, BGP EVPN enters the Idle state.

    If BGP EVPN receives a Keepalive message, BGP EVPN enters the Established state.

  • Established: Peers can exchange Update, Notification, and Keepalive messages.

    If BGP EVPN receives an Update or Keepalive message, BGP EVPN remains in the Established state.

    If BGP EVPN receives a Notification message, BGP EVPN enters the Idle state.

  • No neg: The address family is not enabled for the BGP peer. In this state, Update messages can be exchanged in other address families whose capabilities have been successfully negotiated. If the address family is enabled for the BGP peer, the local BGP peer receives a Notification message, and the peer relationship is disconnected. Then, the BGP peer changes to the Idle state and re-establishes the peer relationship.

PrefRcv

Number of route prefixes received from a peer

# Display detailed information about the BGP EVPN peer at 3.3.3.3.

<HUAWEI> display bgp evpn peer 3.3.3.3 verbose
         BGP Peer is 3.3.3.3,  remote AS 100
         Type: IBGP link
         BGP version 4, Remote router ID 3.3.3.3
         Update-group ID: 2
         BGP current state: Established, Up for 1d08h11m09s
         BGP current event: RecvKeepalive
         BGP last state: OpenConfirm
         BGP Peer Up count: 1
         Received total routes: 7
         Received active routes total: 7
         Advertised total routes: 5
         Port: Local - 179        Remote - 62019
         Configured: Connect-retry Time: 32 sec
         Configured: Active Hold Time: 180 sec   Keepalive Time:60 sec
         Received  : Active Hold Time: 180 sec
         Negotiated: Active Hold Time: 180 sec   Keepalive Time:60 sec
         Peer optional capabilities:
         Peer supports bgp multi-protocol extension
         Peer supports bgp route refresh capability
         Peer supports bgp 4-byte-as capability
         Address family IPv4 Unicast: advertised and received
         Address family L2VPN EVPN: advertised and received
 Received: Total 1608 messages
                  Update messages                25
                  Open messages                  1
                  KeepAlive messages             1582
                  Notification messages          0
                  Refresh messages               0
 Sent: Total 2218 messages
                  Update messages                7
                  Open messages                  1
                  KeepAlive messages             2210
                  Notification messages          0
                  Refresh messages               0
 Authentication type configured: None
 Last keepalive received: 2035-04-09 23:33:18+00:00
 Last keepalive sent    : 2035-04-09 23:33:00+00:00
 Last update    received: 2035-04-09 17:54:06+00:00
 Last update    sent    : 2035-04-09 17:49:37+00:00
 No refresh received since peer has been configured
 No refresh sent since peer has been configured
 Minimum route advertisement interval is 15 seconds
 Optional capabilities:
 Route refresh capability has been enabled
 4-byte-as capability has been enabled
 Connect-interface has been configured
 Peer Preferred Value: 0
 Routing policy configured:
 No routing policy is configured
Table 13-5  Description of the display bgp evpn peer 3.3.3.3 verbose command output

Item

Description

BGP Peer is 3.3.3.3

Peer address (3.3.3.3 in this example)

remote AS

AS number of the peer

Type

BGP link type, which can only be IBGP link currently

BGP version

BGP version

Remote router ID

Router ID of the peer

Update-group ID

Update group ID of the peer

BGP current state

Current BGP EVPN status:
  • Idle: BGP EVPN denies any connection request. This is the initial state of BGP EVPN.

    After BGP EVPN receives a start event, BGP EVPN initiates a TCP connection to a peer, starts the ConnectRetry timer, and listens to the TCP messages from the peer. BGP EVPN then enters the Connect state.

  • Connect: BGP EVPN is waiting for the TCP connection establishment to complete before performing further actions.
    • If the TCP connection is successfully established, BGP EVPN stops the ConnectRetry timer and sends an Open message to the peer. BGP EVPN then enters the Opensent state.

    • If the TCP connection fails to be established, BGP EVPN resets the ConnectRetry timer and listens to the TCP connection initiated by the peer. BGP EVPN then enters the Active state.

    • If the ConnectRetry timer expires, BGP EVPN restarts the ConnectRetry timer and attempts to establish a TCP connection with the peer again. At this time, BGP EVPN remains in the Connect state.

  • Active: BGP EVPN attempts to establish a TCP connection. This is the intermediate state of BGP EVPN.
    • If the TCP connection is successfully established, BGP EVPN resets the ConnectRetry timer and sends an Open message to the peer. BGP EVPN then enters the Opensent state.

    • If the ConnectRetry timer expires, BGP EVPN restarts the ConnectRetry timer and enters the Connect state.

    • If BGP EVPN attempts to establish a TCP connection with an unknown IP address but fails, BGP EVPN resets the ConnectRetry timer and remains in the Active state.

  • OpenSent: BGP EVPN has sent an Open message to the peer and is now waiting for an Open message from the peer.
    • If BGP EVPN receives a correct Open message, BGP EVPN enters the OpenConfirm state.

    • If BGP EVPN receives an incorrect Open message, BGP EVPN sends a Notification message to the peer and enters the Idle state.

    • If BGP EVPN receives a TCP connection teardown message, BGP EVPN resets the ConnectRetry timer and listens to the TCP connection initiated by the peer. BGP EVPN then enters the Active state.

  • OpenConfirm: BGP EVPN is waiting for a Notification or Keepalive message.
    • If BGP EVPN receives a Notification or TCP connection teardown message, BGP EVPN enters the Idle state.

    • If BGP EVPN receives a Keepalive message, BGP EVPN enters the Established state.

  • Established: Peers can exchange Update, Notification, and Keepalive messages.
    • If BGP EVPN receives an Update or Keepalive message, BGP EVPN remains in the Established state.

    • If BGP EVPN receives a Notification message, BGP EVPN enters the Idle state.

  • No neg: The address family is not enabled for the BGP peer. In this state, Update messages can be exchanged in other address families whose capabilities have been successfully negotiated. If the address family is enabled for the BGP peer, the local BGP peer receives a Notification message, and the peer relationship is disconnected. Then, the BGP peer changes to the Idle state and re-establishes the peer relationship.

BGP current event

Current BGP event

BGP last state

Status of the last BGP stage, which can be Idle, Connect, Active, OpenSent, OpenConfirm, Established or No neg

BGP Peer Up count

Number of times the peer alternates between Up and Down

Received total routes

Number of route prefixes received

Received active routes total

Number of active route prefixes received

Advertised total routes

Number of route prefixes sent

Port

Port number:

  • Local: local port number, which is fixed at 179 because BGP uses TCP as the transport layer protocol.

  • Remote: peer port number.

Configured

Timers that are locally configured:

  • Active Hold Time: indicates the hold time. If BGP EVPN does not receive any Keepalive message from the peer in the hold time, BGP EVPN considers that the peer is Down. BGP EVPN then instructs the other peers to withdraw the routes received from this peer.

  • Keep Alive Time: indicates the interval at which Keepalive messages are sent to the peer. Peers exchange Keepalive messages at intervals to show that they are working normally.

Received : Active Hold Time

Hold time of the peer

Negotiated : Active Hold Time

Hold time negotiated by peers

Peer optional capabilities

Optional capabilities of the peer

Received

Number of message received from the peer:
  • Total: indicates the total number of messages received from the peer.

  • Update messages: indicates the number of Update messages received from the peer.

  • Open messages: indicates the number of Open messages received from the peer.

  • KeepAlive messages: indicates the number of Keepalive messages received from the peer.

  • Notification messages: indicates the number of Notification messages received from the peer.

  • Refresh messages: indicates the number of route-refresh messages received from the peer.

Sent

Number of messages sent to the peer:
  • Total: indicates the total number of messages sent to the peer.

  • Update messages: indicates the number of Update messages sent to the peer.

  • Open messages: indicates the number of Open messages sent to the peer.

  • KeepAlive messages: indicates the number of Keepalive messages sent to the peer.

  • Notification messages: indicates the number of Notification messages sent to the peer.

  • Refresh messages: indicates the number of route-refresh messages sent to the peer.

Authentication type configured

Authentication type

Last keepalive received

Last time when a Keepalive message is received

Last keepalive sent

Last time when a Keepalive message is sent

Last update received

Last time when a Update message is received

Last update sent

Last time when a Update message is sent

No refresh received since peer has been configured

No Route-Refresh packets are received from the peer since the peer relationship is established

No refresh sent since peer has been configured

No Route-Refresh packets are sent from the peer since the peer relationship is established

Minimum route advertisement interval is 15 seconds

Minimum route advertisement interval:
  • EBGP: 30s

  • IBGP: 15s

Optional capabilities

Optional capabilities of the peer

Route refresh capability has been enabled

Route-refresh enabled

4-byte-as capability has been enabled

4-byte AS capability enabled

Connect-interface has been configured

Source interface for sending BGP packets specified

Peer Preferred Value

Preferred value of the peer

Routing policy configured

Whether a routing policy has been configured

display bgp evpn routing-table

Function

The display bgp evpn routing-table command displays information about EVPN routes.

Format

display bgp [ instance instance-name ] evpn all routing-table

display bgp [ instance instance-name ] evpn all routing-table statistics

display bgp evpn { all | route-distinguisher route-distinguisher | vpn-instance vpn-instance-name } routing-table { ad-route | es-route | inclusive-route | mac-route | prefix-route }

display bgp evpn all routing-table { ad-route ad-route | es-route es-route | inclusive-route inclusive-route | mac-route mac-route | prefix-route prefix-route } [ community-list | ext-community | cluster-list | advertised-peer | as-path ]

display bgp evpn route-distinguisher route-distinguisher routing-table { ad-route ad-route | es-route es-route | inclusive-route inclusive-route | mac-route mac-route | prefix-route prefix-route }

display bgp evpn vpn-instance vpn-instance-name routing-table { ad-route ad-route | es-route es-route | inclusive-route inclusive-route | mac-route mac-route | prefix-route prefix-route } [ community-list | ext-community | cluster-list ]

display bgp instance instance-name evpn { all | route-distinguisher route-distinguisher | vpn-instance vpn-instance-name } routing-table { inclusive-route | mac-route | prefix-route }

display bgp instance instance-name evpn all routing-table { inclusive-route inclusive-route | mac-route mac-route | prefix-route prefix-route } [ community-list | ext-community | cluster-list | advertised-peer | as-path ]

display bgp instance instance-name evpn route-distinguisher route-distinguisher routing-table { inclusive-route inclusive-route | mac-route mac-route | prefix-route prefix-route }

display bgp instance instance-name evpn vpn-instance vpn-instance-name routing-table { inclusive-route inclusive-route | mac-route mac-route | prefix-route prefix-route } [ community-list | ext-community | cluster-list ]

Parameters

Parameter Description Value
all Displays information about EVPN routes of all EVPN instances. -
route-distinguisher route-distinguisher Displays information about EVPN routes with the specified RD. -
vpn-instance vpn-instance-name Displays information about EVPN routes of a specified EVPN instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
instance instance-name Displays information about EVPN routes of a specified BGP instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
ad-route Displays information about all Ethernet auto-discovery routes. -
ad-route Specifies an Ethernet auto-discovery route.
The value is in the format of xxxx.xxxx.xxxx.xxxx.xxxx:M, where:
  • xxxx.xxxx.xxxx.xxxx.xxxx indicates the ESI configured for the device originating this route.

  • M is 0 or 4294967295.

es-route Displays information about Ethernet segment routes. -
es-route Specifies an Ethernet segment route.

The value is in the format of xxxx.xxxx.xxxx.xxxx.xxxx, where x is a hexadecimal integer ranging from 0 to F. The value equals the ESI configured for the device originating this route.

inclusive-route Displays information about inclusive multicast routes. -
inclusive-route Specifies an inclusive multicast route.
The value is in the format of M:L:X.X.X.X, where:
  • M is fixed at 0.

  • X.X.X.X indicates the source address configured for the device originating the route.

  • L indicates the mask length of the source address configured for the device originating the route.

mac-route Displays information about MAC advertisement routes. -
mac-route Specifies a MAC advertisement route.
The value is in the format of E:M:H-H-H:L:X.X.X.X, where:
  • E indicates the ID of the VLAN to which the MAC address belongs.

  • M is fixed at 48, indicating the length of the MAC address.

  • H-H-H indicates the MAC address. Each H is a 4-digit hexadecimal number, such as 00e0 or fc01. If an H contains less than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0.

  • L is findicating the mask length of the IP address corresponding to the MAC address.

  • X.X.X.X indicates the IP address corresponding to the MAC address.

prefix-route Displays information about prefix routes. -
prefix-route Specifies a prefix route.
The value is in the format of L:X.X.X.X:M, where:
  • L is fixed at 0.

  • X.X.X.X indicates the ip address of host routes.

  • M indicates the mask length of host routes.

community-list Displays the community list of BGP EVPN routes. -
ext-community Displays the extended community list of BGP EVPN routes. -
cluster-list Displays the cluster list of BGP EVPN routes. -
advertised-peer Displays the advertised peer list of BGP EVPN routes. -
as-path Displays the AS_Path attribute of BGP EVPN routes. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check information about EVPN routes, including active and inactive routes, run the display bgp evpn routing-table command.

Information about specified EVPN routes can be displayed by specifying different parameters.

Example

# Display information about all EVPN routes.

<HUAWEI> display bgp evpn all routing-table
 Local AS number : 100

 BGP Local router ID is 1.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 EVPN address family:
 Number of A-D Routes: 1

 Route Distinguisher: 1:1
       Network(ESI/EthTagId)                                  NextHop
 *>    0010.1010.1010.1010.1010:0                             127.0.0.1       
   

 EVPN-Instance c1:
 Number of A-D Routes: 1
       Network(ESI/EthTagId)                                  NextHop
 *>    0010.1010.1010.1010.1010:0                             127.0.0.1      

 EVPN address family:
 Number of Inclusive Multicast Routes: 1

 Route Distinguisher: 1:1
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>    0:32:1.1.1.1                                           127.0.0.1       
   

 EVPN-Instance c1:
 Number of Inclusive Multicast Routes: 1
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>    0:32:1.1.1.1                                           127.0.0.1      

 EVPN address family:
 Number of ES Routes: 1

 Route Distinguisher: 1.1.1.1:0
       Network(ESI)                                           NextHop
 *>    0010.1010.1010.1010.1010                               127.0.0.1       
   

 EVPN-Instance c1:
 Number of ES Routes: 1
       Network(ESI)                                           NextHop
 *>    0010.1010.1010.1010.1010                               127.0.0.1      
Table 13-6  Description of the display bgp evpn routing-table command output

Item

Description

Local AS number

Local AS number of the EVPN routes

BGP Local router ID

Router ID of the local device

Number of A-D Routes

Number of Ethernet auto-discovery routes

Number of Mac Routes

Number of MAC advertisement routes

Number of Inclusive Multicast Routes

Number of inclusive multicast routes

Number of ES Routes

Number of Ethernet segment routes

Route Distinguisher

RD of the EVPN routes

Network

Reachable address

ESI

Ethernet Segment Identifier

EthTagId

VLAN ID

IpAddrLen

Mask length

OriginalIp

Original ip address

NextHop

Next hop address

# Display statistics about EVPN routes.

<HUAWEI> display bgp evpn all routing-table statistics
 Total number of routes from all PE: 6
 Number of A-D Routes: 2
 Number of Mac Routes: 0
 Number of Inclusive Multicast Routes: 2
 Number of ES Routes: 2
 Number of Ip Prefix Routes: 0
 Number of ARP Routes: 0
Table 13-7  Description of the display bgp evpn routing-table statistics command output

Item

Description

Total number of routes from all PE

Number of EVPN routes received from all PEs

Number of ARP Routes

Number of ARP routes

# Display information about the EVPN routes with the prefix 0011.1111.1111.1111.2222.

<HUAWEI> display bgp evpn all routing-table es-route 0011.1111.1111.1111.2222
 BGP local router ID : 1.1.1.1
 Local AS number : 100

 Total routes of Route Distinguisher(1.1.1.1:0): 1
 BGP routing table entry information of 0010.1010.1010.1010.1010:
 From: 0.0.0.0 (0.0.0.0) 
 Route Duration: 0d00h01m47s
 Relay IP Nexthop: 0.0.0.0
 Original nexthop: 127.0.0.1
 Qos information : 0x0            
 Ext-Community:RT <1010-1010-1010>
 AS-path Nil, origin incomplete, pref-val 0, valid, local, best, select, pre 255
 Route Type: 4 (Ethernet Segment Route)
 ESI: 0010.1010.1010.1010.1010, Originating IP:1.1.1.1/32
 Advertised to such 1 peers:
    3.3.3.3
Table 13-8  Description of the display bgp evpn routing-table es-route command output

Item

Description

BGP local router ID

Router ID of the local BGP device

Local AS number

Local AS number of the EVPN routes

Total routes of Route Distinguisher

Total number of EVPN routes with a specified RD

BGP routing table entry information of

Routing entry information

From

IP address of the device that has advertised routes

Route Duration

Duration for route advertisement

Relay IP Nexthop

Relay next hop

Original nexthop

Original next hop

Qos information

QoS information

Ext-Community

BGP EVPN extended community attribute

AS-path

AS_Path attribute (Nil indicates that the attribute value is null)

Origin

Origin attribute of an EVPN route

pref-val

Preferred value of an EVPN route

valid

Valid route

local

Local route

best

Optimal route

select

Preferred route

Pre

Route preference

Route Type

EVPN route type:
  • Ethernet Auto-Discovery route

  • MAC advertisement route

  • Inclusive Multicast Route

  • Ethernet Segment Route

  • Ip Prefix Route

ESI

Ethernet segment identifier

Originating IP

IP address of the device that has originated routes

Advertised to such 1 peers

Peers to which routes are advertised

# Display information about the EVPN routes with the MAC address 0:48:0000-0000-1111:32:1.2.3.4.

<HUAWEI> display bgp evpn all routing-table mac-route 0:48:0000-0000-1111:32:1.2.3.4
 BGP local router ID : 2.2.2.2
 Local AS number : 100

 Total routes of Route Distinguisher(1:1): 1
 BGP routing table entry information of 0:48:0000-0000-1111:32:1.2.3.4:
 Label information (Received/Applied): 10 26/NULL
 From: 1.1.1.1 (1.1.1.1) 
 Route Duration: 0d00h01m09s
 Original nexthop: 1.1.1.6
 Qos information : 0x0            
 Ext-Community:RT <3 : 3>, Tunnel Type <VxLan(8)>, Router's MAC <3896-3e21-1200>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, reoriginated
 Route Type: 2 (MAC Advertisement Route)
 Ethernet Tag ID: 0, MAC Address/Len: 0000-0000-1111/48, IP Address/Len: 1.2.3.4/32, ESI:0000.0000.0000.0000.0000
 Advertised to such 2 peers:
    1.1.1.1
    3.3.3.3

   EVPN-Instance 1:
  
 Number of Mac Routes: 1
 BGP routing table entry information of 0:48:0000-0000-1111:32:1.2.3.4:
 Route Distinguisher: 1:1
 Remote-Cross route
 Label information (Received/Applied): 10 16/NULL
 From: 1.1.1.1 (1.1.1.1) 
 Route Duration: 0d00h01m09s
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 1.1.1.6
 Qos information : 0x0            
 Ext-Community:RT <3 : 3>, Tunnel Type <VxLan(8)>, Router's MAC <3896-3e11-1200>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, REGEN capability
 Route Type: 2 (MAC Advertisement Route)
 Ethernet Tag ID: 0, MAC Address/Len: 0000-0000-1111/48, IP Address/Len: 1.2.3.4/32, ESI:0000.0000.0000.0000.0000
 Not advertised to any peer yet
Table 13-9  Description of the display bgp evpn all routing-table mac-route command output

Item

Description

Label information (Received/Applied)

Information about labels, including received and sent labels

Tunnel Type

Tunnel type, which can only be VXLAN

Router's MAC

MAC address received from an EVPN peer

internal

EVPN route sent by an IBGP peer

reoriginated

Regenerated route

Number of Mac Routes

Number of MAC routes

Route Distinguisher

Route distinguisher of an EVPN instance

Remote-Cross route

Route received from a peer and crossed to an EVPN instance

Relay Tunnel Out-Interface

Outbound interface of the recursive tunnel

REGEN capability

Route regeneration capability

Ethernet Tag ID

VLAN ID, which is fixed at 0

MAC Address/Len

MAC address and length in a MAC route

IP Address/Len

IP address and length in a host route

Not advertised to any peer yet

Route that is not advertised to any EVPN peer

display bridge-domain

Function

The display bridge-domain command displays BD configurations.

Format

display bridge-domain [ bd-id [ brief | verbose ] ]

Parameters

Parameter Description Value
bd-id Specifies a BD ID. The value is an integer ranging from 1 to 16777215.
brief Displays brief BD configurations. -
verbose Displays detailed BD configurations. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After creating BDs, run the display bridge-domain command to check BD configurations. The command output helps verify configurations and locate faults.

Example

# Display configurations of all BDs.

<HUAWEI> display bridge-domain
The total number of bridge-domains is : 2
--------------------------------------------------------------------------------
MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
*down: Administratively down;  FWD: Forward;             DSD: Discard;
--------------------------------------------------------------------------------

BDID  State MAC-LRN STAT    BC  MC  UC  SPLIT   Description
--------------------------------------------------------------------------------
10    up    enable  disable FWD FWD FWD disable vni 5010
20    up    enable  disable FWD FWD FWD disable vni 5020
# Display the configurations of bridge domain 10.
<HUAWEI> display bridge-domain 10
--------------------------------------------------------------------------------
MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
*down: Administratively down;  FWD: Forward;             DSD: Discard;
U: Up;         D: Down;
--------------------------------------------------------------------------------

BDID         Ports                                                          
--------------------------------------------------------------------------------
10                                                                               

BDID  State MAC-LRN STAT    BC  MC  UC  SPLIT   Description
--------------------------------------------------------------------------------
10    down  enable  disable FWD FWD FWD disable                                 

BDID         VLANIDs                                                          
--------------------------------------------------------------------------------
10           1(D)  
# Display detailed configurations of bridge domain 10.
<HUAWEI> display bridge-domain 10 verbose
  Bridge-domain ID        : 10
  Description             : vni 5010
  State                   : Up
  MAC Learning            : Enable
  Statistics              : Disable
  Broadcast               : Forward
  Unknown-unicast         : Forward
  Unknown-multicast       : Forward
  Split-horizon           : Disable
 
  ----------------
Interface                                State
  Eth-Trunk0.4000                        up        
  Eth-Trunk100.3                         up    
Table 13-10  Description of the display bridge-domain command output

Item

Description

The total number of bridge-domains is

Total number of BDs configured.

BDID

BD ID.

A BD ID can be configured using the bridge-domain bd-id command in the system view.

State

BD status:
  • up
  • down

MAC-LRN

Whether MAC address learning is enabled for a BD:
  • disable
  • enable

STAT

Whether traffic statistics collection is enabled for a BD:
  • disable
  • enable

Traffic statistics collection can be enabled using the statistics enable command in the BD view.

BC

Whether broadcast packets are forwarded in a BD:
  • FWD: Broadcast packets are forwarded.
  • DSD: Broadcast packets are discarded.

MC

Whether multicast packets are forwarded in a BD:
  • FWD: Multicast packets are forwarded.
  • DSD: Multicast packets are discarded.

UC

Whether unknown unicast packets are forwarded in a BD:
  • FWD: Unknown unicast packets are forwarded.
  • DSD: Unknown unicast packets are discarded.

SPLIT

Whether split horizon is enabled for a BD:
  • disable
  • enable

Description

Description of a BD.

A description can be configured for a BD using the description (BD view) command.

Ports

Status of each Layer 2 sub-interface added to a bridge domain.
  • Up: The data link layer protocol of the Layer 2 sub-interface starts properly.
  • Down: The data link layer protocol of the Layer 2 sub-interface starts is abnormal.

To add a Layer 2 sub-interface to a bridge domain, run the bridge-domain bd-id command in a specific Layer 2 sub-interface view.

VLANIDs

ID of the VLAN bound to a BD.

Table 13-11  Description of the display bridge-domain verbose command output

Item

Description

Bridge-domain ID

BD ID.

A BD ID can be configured using the bridge-domain bd-id command in the system view.

Description

Description of a BD.

A description can be configured for a BD using the description (BD view) command.

State

BD status:
  • Up
  • Down

MAC Learning

Whether MAC address learning is enabled for a BD:
  • Disable
  • Enable

Statistics

Whether traffic statistics collection is enabled for a BD:
  • Disable
  • Enable

Traffic statistics collection can be enabled using the statistics enable command in the BD view.

Broadcast

Whether broadcast packets are forwarded in a BD:
  • Forward: Broadcast packets are forwarded.
  • Discard: Broadcast packets are discarded.

Unknown-unicast

Whether unknown unicast packets are forwarded in a BD:
  • Forward: Unknown unicast packets are forwarded.
  • Discard: Unknown unicast packets are discarded.

Unknown-multicast

Whether multicast packets are forwarded in a BD:
  • Forward: Multicast packets are forwarded.
  • Discard: Multicast packets are discarded.

Split-horizon

Whether split horizon is enabled for a BD:
  • Disable
  • Enable

Interface State

Status of each Layer 2 sub-interface added to a bridge domain.
  • up: The data link layer protocol of the Layer 2 sub-interface starts properly.
  • down: The data link layer protocol of the Layer 2 sub-interface starts is abnormal.

In VXLAN dual-active access networking, after an interface is configured as a peer-link interface, the device automatically creates a QinQ Layer 2 sub-interface for each VNI on the interface. The QinQ Layer 2 sub-interface is used to add the two M-LAG-enabled devices to the corresponding BD of the VNI. Users cannot perform operations on the Layer 2 QinQ sub-interface.

display bridge-domain statistics

Function

The display bridge-domain statistics command displays traffic statistics of a bridge domain (BD).

Format

display bridge-domain bd-id statistics

Parameters

Parameter Description Value
bd-id Specifies a BD ID. The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To check traffic statistics of a BD when monitoring it, run the display bridge-domain statistics command. The command output helps locate faults.

Prerequisites

To ensure that the display bridge-domain statistics command displays valid statistics entries, you must have performed the following operations before running the display bridge-domain statistics command:
  1. A BD has been created using the bridge-domain bd-id command in the system view.
  2. Traffic statistics collection has been enabled for the BD using the statistics enable command in the BD view.

Example

# Display traffic statistics of BD 10.

<HUAWEI> display bridge-domain 10 statistics
Slot: 1/3                                  
-------------------------------------------------------------------------- 
Item                                   Packets                       Bytes
-------------------------------------------------------------------------- 
Inbound                                      0                           0   
Outbound                                     0                           0  
--------------------------------------------------------------------------  
Table 13-12  Description of the display bridge-domain statistics command output

Item

Description

Slot

Slot number.

Item

Statistics items to be displayed.

Packets

Number of packets.

Bytes

Number of bytes.

Inbound

Number of packets received in the BD.

Outbound

Number of packets sent from the BD.

display default-parameter evn

Function

The display default-parameter evn command displays the default EVN configurations.

Format

display default-parameter evn

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view the default EVN configurations, including the access mode of an EVN instance and service type of an EVN interface.

Example

# Display the default configurations in EVN initialization.

<HUAWEI> display default-parameter evn
 EVN Access Mode           : VLAN Access   
 EVN Interface Service Mode: VLAN Aware  
Table 13-13  Description of the display default-parameter evn command output

Item

Description

EVN Access Mode

An EVN instance uses a VLAN access mode.

EVN Interface Service Mode

Service type of an EVN interface.

display default-parameter evn bgp

Function

The display default-parameter evn bgp command displays the default EVN BGP configurations.

Format

display default-parameter evn bgp

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view the default EVN BGP configurations, including the forwarding mode of multicast traffic, DF election mode, and network-side tunnel type.

Example

# Display the default configurations in EVN BGP initialization.

<HUAWEI> display default-parameter evn bgp
 BUM Flow Forward Mode: Ingress Replication
 DF Select Mode       : Per VLAN
 Tunnel Type          : VXLAN
Table 13-14  Description of the display default-parameter evn bgp command output

Item

Description

BUM Flow Forward Mode

Forwarding mode of broadcast, unknown unicast, and multicast traffic. The default mode is ingress replication.

DF Select Mode

DF election mode. The default mode is VLAN-based DF election.

Tunnel Type

Network-side tunnel type.

display dfs-group active-active-gateway

Function

The display dfs-group active-active-gateway command displays information of all-active gateways in a DFS group.

Format

display dfs-group dfs-group-id active-active-gateway

Parameters

Parameter

Description

Value

dfs-group-id

Specifies the ID of a DFS group.

This parameter has a fixed value of 1.

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run this command to view information of all-active gateway neighbors of a device. The information includes the IP address and status of each gateway neighbor.

Example

# Display information of all-active gateways in a DFS group.

<HUAWEI> display dfs-group 1 active-active-gateway
A:Active     I:Inactive         
-------------------------------------------------------------------      
Peer             System name         State         Duration   
1.1.1.1          -                   I             0:0:8      
1.1.1.2          -                   I             0:0:8    
1.1.1.3          -                   I             0:0:8 
Table 13-15  Description of the display dfs-group active-active-gateway command output

Item

Description

Peer

IP address of the peer all-active gateway. To change the value, run the peer command.

System name

Host name of the peer all-active gateway.

State

Status of the peer all-active gateway.
  • A: Active
  • I: Inactive

Duration

Duration during which the peer all-active gateway remains in Active or Inactive state.

display evn bgp all routing-table statistics

Function

The display evn bgp all routing-table statistics command displays EVN BGP route statistics.

Format

display evn bgp all routing-table statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display evn bgp all routing-table statistics command to view EVN BGP route statistics, including the number of Ethernet auto-discovery routes, MAC advertisement routes, inclusive multicast Ethernet tag routes, and Ethernet segment routes.

Precautions

When a route flapping occurs, the displayed route statistics may differ from the actual route statistics temporarily because some routes are being advertised.

Example

# Display EVN BGP route statistics.

<HUAWEI> display evn bgp all routing-table statistics
 Total number of routes from all PE: 2
 Number of A-D Routes: 0
 Number of Mac Routes: 0
 Number of Inclusive Multicast Routes: 2
 Number of ES Routes: 0
 Number of Ip Prefix Routes: 0
 Number of ARP Routes: 0
Table 13-16  Description of the display evn bgp all routing-table statistics command output
Item Description

Total number of routes from all PE

Number of EVN BGP routes received from all PEs

Number of A-D Routes

Number of Ethernet A-D routes

Number of Mac Routes

Number of MAC advertisement routes

Number of Inclusive Multicast Routes

Number of inclusive multicast routes

Number of ES Routes

Number of Ethernet segment routes

Number of Ip Prefix Routes

Number of IP prefix routes

Number of ARP Routes

Number of ARP routes

display evn bgp bfd session

Function

The display evn bgp bfd session command displays information about BFD sessions established using EVN BGP.

Format

display evn bgp bfd session { peer ipv4-address | all }

Parameters

Parameter Description Value
peer ipv4-address Specifies the IPv4 address of the peer. The value is in dotted decimal notation.
all Displays all BFD sessions established using EVN BGP. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display evn bgp bfd session command to view BFD session status and BFD parameters of EVN BGP peers.

Example

# Display all BFD sessions established using EVN BGP.

<HUAWEI> display evn bgp bfd session all
--------------------------------------------------------------------------------
  Local_Address      Peer_Address       Interface
  10.44.44.99        10.44.44.88        Unknown
  Tx-interval(ms)    Rx-interval(ms)    Multiplier  Session-State
  0                  0                  0           BFD global disable
--------------------------------------------------------------------------------
Table 13-17  Description of the display evn bgp bfd session command output

Item

Description

Local_Address

Local IP address.

Peer_Address

Peer IP address.

Interface

Interface on which is a BFD session is established.

Tx-interval(ms)

Interval for sending BFD packets, in milliseconds.

Rx-interval(ms)

Interval for receiving BFD packets, in milliseconds.

Multiplier

Remote detection multiplier.

Session-State

BFD status.
  • BFD global disable: BFD is disabled globally.

  • BFD session number exceed: The number of BFD sessions exceeds the threshold.

  • Detect down: No BFD packet is received after the detection interval expires.

  • Init: The local system can communicate with the peer system, and the local system expects to make the session Up.

  • Receive admin down: The device receives a packet in AdminDown state from the peer.

  • Up: A BFD session is successfully established and the peers can periodically exchange BFD packets.

display evn bgp peer

Function

The display evn bgp peer command displays EVN BGP peer information.

Format

display evn bgp peer [ ipv4-address [ log-info ] ]

Parameters

Parameter Description Value
ipv4-address Displays information about the EVN BGP peer with a specified IPv4 address. The value is in dotted decimal notation.
log-info Displays logs of the specified peer. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display evn bgp peer command to view EVN BGP peer information. The command can be used to check:
  • Status of EVN BGP connections.
  • EVN BGP peer configurations.
  • Whether EVN BGP peers are successfully created using the peer command.
  • Whether EVN BGP peers are successfully deleted using the undo peer command.

Precautions

You can specify log-info to view logs of an EVN BGP peer and obtain the flapping records of the EVN BGP peer.

Example

# Display EVN BGP peer information.

<HUAWEI> display evn bgp peer
 BGP local router ID        : 10.1.1.1
 Local AS number            : 65534
 Total number of peers      : 1
 Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  10.2.2.2        4       65534        7        7     0 00:03:36 Established        1
Table 13-18  Description of the display evn bgp peer command output

Item

Description

BGP Local router ID

Router ID of a local EVN BGP device.

Local AS number

Local AS number.

Total number of peers

Number of EVN BGP peers.

Peers in established state

Number of EVN BGP peers in established state.

Peer

IP address of a peer.

V

EVN BGP version number used by a peer.

AS

AS number.

MsgRcvd

Number of received packets.

MsgSent

Number of sent packets.

OutQ

Number of packets to be sent to a specified peer.

Up/Down

Duration that an EVN BGP session keeps the current status.

State

Current status of an EVN BGP session.
  • Idle: EVN BGP denies all connection requests. This is the initial state of EVN BGP.

    Upon receiving a Start event, EVN BGP initiates a TCP connection to the remote EVN BGP peer, starts the Connect Retry timer, detects a TCP connection initiated by the remote EVN BGP peer, and changes its state to Connect.

  • Connect: EVN BGP waits for the TCP connection to be set up before it determines whether to perform other operations.

    If the TCP connection succeeds, EVN BGP stops the Connect Retry timer, sends an Open message to the remote peer, and changes its state to OpenSent.

    If the TCP connection fails, EVN BGP resets the Connect Retry timer, continues to detect a TCP connection initiated by the remote peer, and changes its state to Active.

    If the Connect Retry timer has expired before a TCP connection is established, EVN BGP restarts the Connect Retry timer, initiates a TCP connection to the remote BGP peer, and remains in the Connect state.

  • Active: EVN BGP attempts to establish a TCP connection. This is the intermediate status of EVN BGP.

    If the TCP connection succeeds, EVN BGP resets the Connect Retry timer, sends an Open message to the remote peer, and changes its state to OpenSent.

    If the Connect Retry timer has expired before a TCP connection is established, EVN BGP restarts the timer and changes its state to Connect.

    If EVN BGP initiates a TCP connection with an unknown IP address, the TCP connection fails. When this occurs, EVN BGP resets the Connect Retry timer and remains in the Active state.

  • OpenSent: EVN BGP has sent one Open message to its peer and waits for an Open message from the peer.

    If EVN BGP receives a correct Open message from its peer, EVN BGP changes its state to OpenConfirm.

    If the Open message received is incorrect, EVN BGP sends a Notification message to the remote peer and changes its state to Idle.

    If the TCP connection fails, EVN BGP resets the Connect Retry timer, continues to detect a TCP connection initiated by the remote peer, and changes its state to Active.

  • OpenConfirm: EVN BGP waits for a Notification message or a Keepalive message from the peer.

    If EVN BGP receives a Notification message or the TCP connection fails, EVN BGP changes its state to Idle.

    If EVN BGP receives a Keepalive message, EVN BGP changes its state to Established.

  • Established: EVN BGP peers can exchange Update, Notification, and Keepalive messages.

    If EVN BGP receives an Update or a Keepalive message, it remains in the Established state.

    If EVN BGP receives a Notification message, EVN BGP changes its state to Idle.

  • No neg: The address family is not enabled for the BGP peer. In this state, Update messages can be exchanged in other address families whose capabilities have been successfully negotiated. If the address family is enabled for the BGP peer, the local BGP peer receives a Notification message, and the peer relationship is disconnected. Then, the BGP peer changes to the Idle state and re-establishes the peer relationship.

PrefRcv

Number of route prefixes received from the peer.

# Display detailed information about the peer 10.2.2.2.

<HUAWEI> display evn bgp peer 10.2.2.2
 BGP Peer is 10.2.2.2,  remote AS 65534
 Type: IBGP link
 BGP version 4, Remote router ID 10.2.2.2
 Update-group ID: 4
 BGP current state: Established, Up for 01h34m05s
 BGP current event: KATimerExpired
 BGP last state: OpenConfirm
 BGP Peer Up count: 1
 Received total routes: 35415
 Received active routes total: 35415
 Advertised total routes: 35902
 Port: Local - 179        Remote - 62617
 Configured: Connect-retry Time: 32 sec
 Configured: Active Hold Time: 180 sec   Keepalive Time:60 sec
 Received  : Active Hold Time: 180 sec
 Negotiated: Active Hold Time: 180 sec   Keepalive Time:60 sec
 Peer optional capabilities:
  Peer supports bgp multi-protocol extension
  Peer supports bgp route refresh capability
  Peer supports bgp 4-byte-as capability
 Received:
                  Total  messages                1928
                  Update messages                1819
                  Open messages                  1
                  KeepAlive messages             108
                  Notification messages          0
                  Refresh messages               0
 Sent    :
                  Total  messages                1711
                  Update messages                1599
                  Open messages                  1
                  KeepAlive messages             111
                  Notification messages          0
                  Refresh messages               0
 Authentication type configured: None
  Last keepalive received: 2014-02-28 14:42:44+00:00
  Last keepalive sent    : 2014-02-28 14:42:53+00:00
  Last update received   : 2014-02-28 14:42:32+00:00
  Last update sent       : 2014-02-28 14:43:04+00:00
  No refresh received since peer has been configured
  No refresh sent since peer has been configured
 Minimum route advertisement interval is 15 seconds
 Optional capabilities:
 Route refresh capability has been enabled
 4-byte-as capability has been enabled
 Connect-interface has been configured
 Peer Preferred Value: 0
 Routing policy configured:
 No routing policy is configured     
Table 13-19  Description of the display evn bgp peer 10.2.2.2 command output

Item

Description

BGP Peer is 10.2.2.2, remote AS 65534

The IP address of the EVN BGP peer is 10.2.2.2 and the AS number is 65534.

Type

EVN BGP link type, which can be IBGP or EBGP.

BGP version

Version of EVN BGP.

Remote router ID

Router ID of the remote peer.

Update-group ID

ID of the update group to which the peer belongs.

BGP current state

Current status of an EVN BGP session.
  • Idle: EVN BGP denies all connection requests. This is the initial state of EVN BGP.

    Upon receiving a Start event, EVN BGP initiates a TCP connection to the remote EVN BGP peer, starts the Connect Retry timer, detects a TCP connection initiated by the remote EVN BGP peer, and changes its state to Connect.

  • Connect: EVN BGP waits for the TCP connection to be set up before it determines whether to perform other operations.

    If the TCP connection succeeds, EVN BGP stops the Connect Retry timer, sends an Open message to the remote peer, and changes its state to OpenSent.

    If the TCP connection fails, EVN BGP resets the Connect Retry timer, continues to detect a TCP connection initiated by the remote peer, and changes its state to Active.

    If the Connect Retry timer has expired before a TCP connection is established, EVN BGP restarts the Connect Retry timer, initiates a TCP connection to the remote BGP peer, and remains in the Connect state.

  • Active: EVN BGP attempts to establish a TCP connection. This is the intermediate status of EVN BGP.

    If the TCP connection succeeds, EVN BGP resets the Connect Retry timer, sends an Open message to the remote peer, and changes its state to OpenSent.

    If the Connect Retry timer has expired before a TCP connection is established, EVN BGP restarts the timer and changes its state to Connect.

    If EVN BGP initiates a TCP connection with an unknown IP address, the TCP connection fails. When this occurs, EVN BGP resets the Connect Retry timer and remains in the Active state.

  • OpenSent: EVN BGP has sent one Open message to its peer and waits for an Open message from the peer.

    If EVN BGP receives a correct Open message from its peer, EVN BGP changes its state to OpenConfirm.

    If the Open message received is incorrect, EVN BGP sends a Notification message to the remote peer and changes its state to Idle.

    If the TCP connection fails, EVN BGP resets the Connect Retry timer, continues to detect a TCP connection initiated by the remote peer, and changes its state to Active.

  • OpenConfirm: EVN BGP waits for a Notification message or a Keepalive message from the peer.

    If EVN BGP receives a Notification message or the TCP connection fails, EVN BGP changes its state to Idle.

    If EVN BGP receives a Keepalive message, EVN BGP changes its state to Established.

  • Established: EVN BGP peers can exchange Update, Notification, and Keepalive messages.

    If EVN BGP receives an Update or a Keepalive message, it remains in the Established state.

    If EVN BGP receives a Notification message, EVN BGP changes its state to Idle.

  • No neg: The address family is not enabled for the BGP peer. In this state, Update messages can be exchanged in other address families whose capabilities have been successfully negotiated. If the address family is enabled for the BGP peer, the local BGP peer receives a Notification message, and the peer relationship is disconnected. Then, the BGP peer changes to the Idle state and re-establishes the peer relationship.

BGP current event

Current EVN BGP event.

BGP last state

Last EVN BGP status. The value can be Idle, Connect, Active, OpenSent, OpenConfirm, and Established.

BGP Peer Up count

Flapping count of a EVN BGP peer in a specified period of time.

Received total routes

Number of received route prefixes.

Received active routes total

Number of received active route prefixes.

Advertised total routes

Number of sent route prefixes.

Port

Port number.
  • Local: EVN BGP uses TCP as the transport layer protocol and the port number is fixed as 179.

  • Remote: Port number used by a peer device.

Configured

Locally configured timers.
  • Active Hold Time: indicates the holdtime. If EVN BGP does not receive any Keepalive message from the peer in the holdtime, EVN BGP considers that the peer is Down and then instructs other peers to remove the routes that are sent from the peer.

  • Keep Alive Time: indicates the interval for sending Keepalive messages to the peer. EVN BGP peers send Keepalive messages to each other periodically to maintain their relationships.

Received : Active Hold Time

Holdtime on the peer.

Negotiated

Length of the timers negotiated by EVN BGP peers.
  • Active Hold Time: indicates the holdtime negotiated by EVN BGP peers.

  • Keep Alive Time: indicates the Keepalive negotiated by EVN BGP peers.

Peer optional capabilities

Capabilities supported by the peer.

Peer supports bgp multi-protocol extension

The peer supports multi-protocol extension.

Peer supports bgp route refresh capability

The peer supports route refresh.

Peer supports bgp 4-byte-as capability

The peer supports 4-byte AS numbers.

Received

Number of messages received from a peer.
  • Total messages: indicates the total number of messages.

  • Update messages: indicates the number of Update messages.

  • Open messages: indicates the number of Open messages.

  • KeepAlive messages: indicates the number of Keepalive messages.

  • Notification messages: indicates the number of Notification messages.

  • Refresh messages: indicates the number of Route-refresh messages.

Sent

Number of messages sent to a peer.
  • Total messages: indicates the total number of messages.

  • Update messages: indicates the number of Update messages.

  • Open messages: indicates the number of Open messages.

  • KeepAlive messages: indicates the number of Keepalive messages.

  • Notification messages: indicates the number of Notification messages.

  • Refresh messages: indicates the number of Route-refresh messages.

Authentication type configured

Authentication type that is configured.

Minimum route advertisement interval is 15 seconds

Minimum interval for advertising routes.
  • EBGP: 30s

  • IBGP: 15s

Optional capabilities

Capabilities supported by the peer.

Route refresh capability has been enabled

Route refresh has been enabled.

4-byte-as capability has been enabled

The peer is enabled to support 4-byte AS numbers.

Connect-interface has been configured

Source interface that sends EVN BGP packets.

Peer Preferred Value

Preferred value of the peer.

Routing policy configured

Whether routing policies are configured.

# Display logs of the EVN BGP peer 10.2.2.2.

<HUAWEI> display bgp peer 10.2.2.2 log-info

Peer : 10.2.2.2

 Date/Time     : 2013-11-07 21:54:13+00:00
 State         : Up
Table 13-20  Description of the display evn bgp peer log-info command output

Item

Description

Peer

IP address of the peer.

Date/Time

Time when logs are generated.

State

Status of the peer.

display evn bgp routing-table

Function

The display evn bgp routing-table command displays information about EVN BGP routes.

Format

display evn bgp all routing-table

display evn bgp { all | route-distinguisher route-distinguisher } routing-table { ad-route | arp-route | es-route | inclusive-route | mac-route }

display evn bgp all routing-table { ad-route ad-route | arp-route arp-route | es-route es-route | inclusive-route inclusive-route | mac-route mac-route } [ community-list | ext-community | cluster-list | advertised-peer ]

display evn bgp route-distinguisher route-distinguisher routing-table { ad-route ad-route | arp-route arp-route | es-route es-route | inclusive-route inclusive-route | mac-route mac-route }

Parameters

Parameter Description Value
all Displays information about EVN BGP routes of all EVN instances. -
route-distinguisher route-distinguisher Displays EVN BGP route statistics of an EVN instance with a specified Route Distinguisher (RD). An RD is in one of the following formats:
  • 16-bit autonomous system (AS) number: 32-bit user-defined number, for example, 101:3. The AS number ranges from 0 to 65535, and the user-defined number ranges from 0 to 4294967295. The AS number and user-defined number cannot be both 0s, that is, the RD value cannot be 0:0.

  • 32-bit IP address: 16-bit user-defined number, for example, 192.168.122.15:1. The IP address ranges from 0.0.0.0 to 255.255.255.255, and the user-defined number ranges from 0 to 65535.

  • 4-byte AS number (integer): 2-byte user-defined number, for example, 65537:3. The AS number ranges from 65536 to 4294967295, and the user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s, that is, the RD value cannot be 0:0.

  • 4-byte AS number (in dotted notation): 2-byte user-defined number, for example, 0.0:3 or 0.1:0. The AS in dotted notation is usually expressed in the x.y format. The x and y range from 0 to 65535, and the user-defined number ranges from 0 to 65535. The AS number and user-defined number cannot be both 0s, that is, the RD value cannot be 0.0:0.

-
ad-route Displays information about all Ethernet A-D routes. -
ad-route Specifies the prefix of an Ethernet A-D route.
The value is in the format of xxxx.xxxx.xxxx.xxxx.xxxx:M, where:
  • xxxx.xxxx.xxxx.xxxx.xxxx indicates the ESI configured using the esi command for the device originating this route.

  • M is fixed at 4294967295.

arp-route Displays information about ARP host routes. -
arp-route Specifies the prefix of an ARP host route.
The value is in the format of E:M:H-H-H:L:X.X.X.X, where:
  • E indicates the ID of the VNI.

  • M is fixed at 48, indicating the length of the MAC address.

  • H-H-H indicates the MAC address. H is a 4-bit hexadecimal number, such as 00e0 or fc01. If an H contains less than four digits, 0s are added ahead. For example, e0 is equal to 00e0.

  • L is fixed at 32, indicating the mask length of the IP address corresponding to the MAC address.

  • X.X.X.X indicates the IP address corresponding to the MAC address.

es-route Displays information about Ethernet segment routes. -
es-route Specifies the prefix of an Ethernet segment route.

The value is in the format of xxxx.xxxx.xxxx.xxxx.xxxx, where x is a hexadecimal integer ranging from 0 to F. The value equals the ESI configured using the esi command for the device originating this route.

inclusive-route Displays information about inclusive multicast routes. -
inclusive-route Specifies the prefix of an inclusive multicast route.
The value is in the format of M:L:X.X.X.X, where:
  • M is fixed at 0.

  • X.X.X.X indicates the source address configured using the source-address (EVN BGP view) command for the device originating the route.

  • L indicates the mask length of the source address configured using the source-address (EVN BGP view) command for the device originating the route.

mac-route Displays information about MAC advertisement routes. -
mac-route Specifies the prefix of an MAC advertisement route.
The value is in the format of E:M:H-H-H:L:X.X.X.X, where:
  • E indicates the ID of the VLAN to which the MAC address belongs.

  • M is fixed at 48, indicating the length of the MAC address.

  • H-H-H indicates the MAC address. H is a 4-bit hexadecimal number, such as 00e0 or fc01. If an H contains less than four digits, 0s are added ahead. For example, e0 is equal to 00e0.

  • L is fixed at 32, indicating the mask length of the IP address corresponding to the MAC address.

  • X.X.X.X indicates the IP address corresponding to the MAC address. Currently, this part can only be displayed as 0.0.0.0.

community-list Displays the community list of EVN BGP routes. -
ext-community Displays the extended community list of EVN BGP routes. -
cluster-list Displays the cluster list of EVN BGP routes. -
advertised-peer Displays the advertised peer list of EVN BGP routes. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view information about specified public routes by specifying different parameters.

Example

# Display information about all EVN BGP routes.

<HUAWEI> display evn bgp all routing-table
                                                                                                                                    
                                                                                                                                    
 Local AS number : 65534                                                                                                            
                                                                                                                                    
 BGP Local router ID is 10.1.1.1                                                                                                     
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,                                                    
               h - history,  i - internal, s - suppressed, S - Stale                                                                
               Origin : i - IGP, e - EGP, ? - incomplete                                                                            
                                                                                                                                    
                                                                                                                                    
 EVN address family:             
 Number of Inclusive Multicast Routes: 2

 Route Distinguisher: 10.1.1.1:100
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>    0:32:10.1.1.1                                          127.0.0.1

 Route Distinguisher: 10.2.2.2:100
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>i   0:32:10.2.2.2                                          10.2.2.2

 EVN-Instance aaa:

 Number of Inclusive Multicast Routes: 2
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>    0:32:10.1.1.1                                          127.0.0.1
 *>i   0:32:10.2.2.2                                          10.2.2.2
Table 13-21  Description of the display evn bgp routing-table command output

Item

Description

Local AS number

Local AS number.

BGP Local router ID

Router ID of the local device.

Route Distinguisher

Route distinguisher.

Network

Reachable address.

NextHop

Next hop address.

# Display information about the BGP EVN route with a prefix 0000.1001.1001.1001.1001.

<HUAWEI> display evn bgp all routing-table es-route 0000.1001.1001.1001.1001

 BGP local router ID : 10.44.44.88
 Local AS number : 65534

 Total routes of Route Distinguisher(10.44.44.99:0): 1
 BGP routing table entry information of 0000.1001.1001.1001.1001:
 From: 10.44.44.99 (10.44.44.99) 
 Route Duration: 0d01h41m55s
 Relay IP Nexthop: 10.44.44.99
 Relay Tunnel Name: VXLAN
 Original nexthop: 10.44.44.99
 Qos information : 0x0            
 Ext-Community:RT <1001-1001-1001>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
 Route Type: 4 (Ethernet Segment Route)
 ESI: 0000.1001.1001.1001.1001, Originating IP:10.44.44.99/32
 Not advertised to any peer yet
Table 13-22  Description of the display evn bgp routing-table es-route command output

Item

Description

BGP local router ID

Router ID of the local BGP device.

Local AS number

Local AS number.

Total routes of Route Distinguisher

Total number of EVN routes of a specified RD.

BGP routing table entry information of

Routing entry information.

From

IP address of an advertising device.

Route Duration

Route duration.

Relay IP Nexthop

Iterated next hop.

Relay Tunnel Name

Iterated tunnel type.

Original nexthop

Original next hop.

Qos information

QoS information.

Ext-Community

Extended community attribute of EVN BGP.

AS-path

AS path attribute. Nil indicates that the attribute value is null.

origin

Origin attribute of a BGP route.

localpref

Local preference of a BGP route.

pref-val

Preferred value of an EVPN route

valid

The BGP route is a valid route.

internal

The BGP route is an internal route.

best

The BGP route is the optimal route.

select

The BGP route is a preferred route.

pre

BGP route preference.

Route Type

EVN route type:

  • 1 (Ethernet Auto-Discovery route)

  • 2 (MAC advertisement route)

  • 3 (Inclusive Multicast Route)

  • 4 (Ethernet Segment Route)

ESI

Ethernet segment identifier.

Originating IP

IP address of the device that generates a route.

display evn bgp update-peer-group

Function

The display evn bgp update-peer-group command displays information about update-groups. By setting index in the command, you can view the detailed information about a specified update-group.

Format

display evn bgp update-peer-group [ index update-group-index ]

Parameters

Parameter Description Value
index update-group-index Specifies the index of an update-group. The value is an integer that ranges from 0 to 65535.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display evn bgp update-peer-group command to view information about an EVN BGP update-group.

Example

# Display information about EVN BGP update-groups.

<HUAWEI> display evn bgp update-peer-group

  The EVPN instance's update peer group number : 1
  Keep buffer update peer group number : 0
  BGP Version : 4

  Group ID : 4
  Group Type : internal
  Addr Family : EVPN
  AdvMinTimeVal : 0
  Total Peers : 1
  Leader Peer : 10.2.2.2
  Peers List : 10.2.2.2 
Table 13-23  Description of the display evn bgp update-peer-group command output

Item

Description

The EVPN instance's update peer group number

Number of update-groups in the instance.

Keep buffer update peer group number

Number of update-groups saved in the batch buffer.

BGP Version

BGP version number.

Group ID

ID of the update-group.

Group Type

Type of the update-group. Currently, the field can only be displayed as internal, indicating EVN IBGP peers.

Addr Family

Address family.

AdvMinTimeVal

Minimum interval for sending Update packets with the same route prefixes.

Total Peers

Total number of peers in an update-group.

Leader Peer

First member in an update-group.

Peers List

Indicates a list of peers.

# Display the information about the update-group with a specified index.

<HUAWEI> display evn bgp update-peer-group index 2
  Group ID : 2
  BGP Version : 4
  Group Type : internal
  Addr Family :
  Advertise Minimum Time : 0
  Advertise Minimum Time: 0
  Total Peers : 1
  Leader Peer : 10.44.44.88

  Total format packet number : 0
  Total send packet number : 0
  Total replicate packet number : 0
  The replication percentages(%) : 0

  Peers List : 10.44.44.88  
Table 13-24  Description of the display evn bgp update-peer-group index command output
Item Description
Total format packet number Total number of formatted packets.
Total send packet number Total number of sent packets.
Total replicate packet number Number of replicated packets. The value equals the total number of sent packets - the total number of formatted packets.
The replication percentages(%) Percentage of the number of replicated packets to the total number of formatted packets. The value is calculated using the formula: (Total number of sent packets - Total number of formatted packets) x 100 / Total number of formatted packets

display evpn vpn-instance

Function

The display evpn vpn-instance command displays EVPN instance information.

Format

display evpn vpn-instance [ verbose ] [ vpn-instance-name ]

Parameters

Parameter Description Value
verbose Display detailed information about EVPN instances. -
vpn-instance-name Specifies the name of an EVPN instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check EVPN instance information, run the display evpn vpn-instance command.

If vpn-instance-name is not specified, the display evpn vpn-instance command displays a summary of all configured EVPN instances.

Example

# Display a summary of all EVPN instances.

<HUAWEI> display evpn vpn-instance
Total EVPN-Instances configured      : 2

  EVPN-Instance Name              RD                    Address-family
  v1                              1:1                   evpn          
  v2                                                    evpn

# Display detailed information about EVPN instance evpna.

<HUAWEI> display evpn vpn-instance verbose evpna
 VPN-Instance Name and ID : evpna, 3
  Address family evpn
  Route Distinguisher : 100:1
  Label Policy        : label per instance
  Per-Instance Label  : 32831,32832
  Export VPN Targets  : 1:1
  Import VPN Targets  : 1:1
Table 13-25  Description of the display evpn vpn-instance command output

Item

Description

Total EVPN-Instances configured

Total number of EVPN instances configured

EVPN-Instance Name

EVPN instance name

RD

EVPN instance RD

Address-family

Address family enabled for the EVPN instance

VPN-Instance Name and ID

Name and ID of the EVPN instance. The ID is allocated by the system for indexing.

Address family evpn

EVPN instance address family

Route Distinguisher

EVPN instance RD

Label Policy

Label policy of the EVPN instance

Per-Instance Label

Label shared by all private network routes in the EVPN instance

Export VPN Targets

List of export VPN targets

Import VPN Targets

List of import VPN targets

display forward entry vxlan-l2

Function

The display forward entry vxlan-l2 command displays resource information about Layer 2 traffic forwarding paths on a VXLAN network.

Format

display forward entry vxlan-l2 interface interface-type interface-number vlan vlan-id [ inner-vlan vlan-id ] dst-mac mac-address src-mac mac-address [ slot slot-id ]

Parameters

Parameter Description Value
interface interface-type interface-number

Specifies an interface.

-

vlan vlan-id

Specifies the outer VLAN ID of packets.

The value is an integer that ranges from 1 to 4094.

inner-vlan vlan-id

Specifies the inner VLAN ID of packets.

The value is an integer that ranges from 1 to 4094.

dst-mac mac-address

Specifies the destination MAC address of packets.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

src-mac mac-address

Specifies the source MAC address of packets.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

slot slot-id

Specifies the slot ID.

The value is an integer or a string of characters. You can enter a question mark (?) and select a value from the displayed value range.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When traffic forwarding or a device becomes abnormal, you can run this command to view resource information about Layer 2 traffic forwarding paths on a VXLAN network.

Example

# Display resource information about Layer 2 traffic forwarding paths for packets from the source MAC address 3-3-3 to the destination MAC address 2-2-2 with outer VLAN ID 1000 from Eth-Trunk44. (CE6870EI)
<HUAWEI> display forward entry vxlan-l2 interface Eth-Trunk 44 vlan 1000 dst-mac 2-2-2 src-mac 3-3-3 slot 4
Slot: 4
FEI:
    VLAN:
        VlanId: 1000
            MAC_Learn: Enable
    STP:
        STP Instance:0
    LIF: 12289
    BD: 20
        MAC_Learn: Enable
        VSI: 4
        MCID: 4608
    VNI: 20
    SMAC: 0003-0003-0003
        Learned Form: Eth-Trunk44.1
    DMAC: 0002-0002-0002
        Learned Form: 1.1.1.1
SDK:
    Unit: 0
    VLAN:
        VlanId: 1000
        InLIF: 4114
            VSI: 17
            VLAN_EDIT_VID_1: 0
            VLAN_EDIT_VID_2: 0
            MAC_Learn: Enable
            USE_IN_LIF: 0
            FEC_LEARN_INFO: 0
        MCID: 4620
        OutLIF: 4114
            VLAN_EDIT_VID_1: 1000
            VLAN_EDIT_VID_2: 0
    PORT:
        Name: interface Eth-Trunk44
            Control Eth-Trunk ID: 5
            Forward Eth-Trunk ID: 5
        Member:
        Interface 10GE4/0/14
        Mod-Port: 1-10
            PVID: 1
            Vlandomain: 0
            Tpid1: 33024
            Tpid2: 33024
            Defaultlif: 0
        Interface 10GE4/0/15
        Mod-Port: 1-11
            PVID: 1
            Vlandomain: 0
            Tpid1: 33024
            Tpid2: 33024
            Defaultlif: 0
    SMAC: 0003-0003-0003
        Learned From Port: 10
    DMAC: 0002-0002-0002
        Learned From Port: 20
# Display resource information about Layer 2 traffic forwarding paths for packets from the source MAC address 3-3-3 to the destination MAC address 1-1-1 with outer VLAN ID 100 from 10GE1/0/8. (Not supported on the CE6870EI and CE6880EI)
<HUAWEI> display forward entry vxlan-l2 interface 10GE1/0/8 vlan 100 dst-mac 1-1-1  src-mac 3-3-3 slot 1
Slot: 1
FEI:
    VLAN:
        VlanId: 100
            MAC_Learn: Enable
    STP:
        STP Instance: 0
    VP: 221
    BD: 100
        MAC_Learn: Enable
        VFI: 100
        MCID: 100
    VNI: 100
    SMAC: 0003-0003-0003
        Learned Form: 10GE1/0/8.1
    DMAC: 0001-0001-0001
        Learned Form: 1.1.1.1
SDK:
    Unit: 0
    VP: 10
    VFI: 100
    VNI: 100
    MCID: 100
    SMAC: 0003-0003-0003
        Learned From VP: 10
    DMAC: 0001-0001-0001
        Learned From VP: 20
# Display resource information about Layer 2 traffic forwarding paths for packets from the source MAC address 3-3-3 to the destination MAC address 1-1-1 with outer VLAN ID 100 from 10GE1/0/8. (CE6880EI)
<HUAWEI> display forward entry vxlan-l2 interface 10GE 1/0/8 vlan 100 dst-mac 1-1-1  src-mac 3-3-3 slot 1
Slot: 1
FEI:
    VLAN:
        VlanId: 100
            MAC_Learn: Enable
    STP:
        STP Instance: 0
    VP: 221
    BD: 100
        MAC_Learn: Enable
        VSI: 100
        MCID: 100
    VNI: 100
    SMAC: 0003-0003-0003
        Learned Form: 10GE1/0/8.1
    DMAC: 0001-0001-0001
        Learned Form: 1.1.1.1
SDK:
    Unit: 0
    VLAN:
        VlanId: 100
            MAC_Learn: Enable
            CIB Flag: 1
            NewOuterVlan: 10
            NewInnerVlan: 10
            NewOuterPri: 1
            NewInnerPri: 2
            CauseId: 3
            VSI: 100
            SVP: 20
            MTU: 30
            VRF: 40
            ClassId: 1
            CounterId: 13
    VP: 10
    VSI: 100
        MAC_Learn: Enable
    VNI: 100
    MCID: 100
    SMAC: 0003-0003-0003
        Learned From VP: 10
    DMAC: 0001-0001-0001
        Learned From VP: 20
Table 13-26  Description of the display forward entry vxlan-l2 command output

Item

Description

Slot

Slot ID.

FEI

FEI-side software table information.

SDK

Chip's hardware table information.

VLAN

VLAN information.
  • MAC_Learn: MAC address learning status
  • InLIF: Layer 2 logical interface in the inbound direction
  • MCID: multicast group used by BUM traffic in a VLAN
  • OutLIF: Layer 2 logical interface in the outbound direction

PORT

Port data, such as the control plane ID, forwarding plane ID, default VLAN, and STP status.

SMAC

Source MAC address.

DMAC

Destination MAC address.

display forward entry vxlan-l3

Function

The display forward entry vxlan-l3 command displays resource information about Layer 3 traffic forwarding paths on a VXLAN network.

Format

display forward entry vxlan-l3 interface interface-type interface-number [ vlan vlan-id [ inner-vlan vlan-id ] ] { arp | ip } destination-ip [ source-ip ] [ protocol { protocol-number | icmp | ospf | tcp [ source-port source-port [ destination-port destination-port ] ] | udp [ source-port source-port [ destination-port destination-port ] ] } ] [ slot slot-id ]

Parameters

Parameter Description Value
interface interface-type interface-number

Specifies an interface.

-

vlan vlan-id

Specifies the outer VLAN ID of packets.

The value is an integer that ranges from 1 to 4094.

inner-vlan vlan-id

Specifies the inner VLAN ID of packets.

The value is an integer that ranges from 1 to 4094.

arp

Displays ARP entries.

-

ip

Displays routing entries.

-

destination-ip

Specifies the destination IP address of packets.

The value is in dotted decimal notation.

source-ip

Specifies the source IP address of packets.

The value is in dotted decimal notation.

protocol

Specifies the protocol type.

The value range is as follows:
  • The value of protocol-number is an integer that ranges from 0 to 255. The protocol type can be as follows:
  • icmp
  • ospf
  • tcp
  • udp
source-port source-port

Specifies the source port number.

The value is an integer that ranges from 0 to 65535.

destination-port destination-port

Specifies the destination port number.

The value is an integer that ranges from 0 to 65535.

slot slot-id

Specifies the slot ID.

The value is an integer or a string of characters. You can enter a question mark (?) and select a value from the displayed value range.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When traffic forwarding or a device becomes abnormal, you can run this command to view resource information about Layer 3 traffic forwarding paths on a VXLAN network.

Example

# Display resource information about Layer 3 traffic forwarding paths for packets to the destination IP address 192.168.10.2 with outer VLAN ID 601 from Eth-Trunk11. (Not supported on the CE6870EI)
<HUAWEI> display forward entry vxlan-l3 interface Eth-Trunk 11 vlan 601 arp 192.168.10.2 slot 1
Slot 1:

FEI:
    VLAN: 601
    Interface: Eth-Trunk11
    L3 Gateway: Vbdif601
    VPN: _public_
    DIP: 192.168.10.2
    FEC: 114694
SDK(Host, Chip:0):
    FVRF: 0
    DIP: 192.168.10.2
    HostEEP: 196608
    MACLSB: 2
    OutRIF: 0
    FECFlag: 3
    FEC: 114694

    GlobalLIF: 196608
    LocalLIF: 16384
    Type: 3
    OutVID: 0
    OutVIDValid: 0
    DMAC: 0000-0100-0100
    RemarkProfile: 1
    NextEEP: 0
    NextEEPValid: 0

    FEC[0]: 114694
    FECType: 10
    DESTVAL: 4
    DESTType: 4
    OutRIF: 0
    EEP: 4098
    Type: 0
    OutVSI: 4098
    RemarkProfile: 0

    NextEEP: 0
    NextEEPValid: 0
# Display resource information about Layer 3 traffic forwarding paths for packets to the destination IP address 192.168.10.0 with outer VLAN ID 601 from 40GE1/0/11. (Not supported on the CE6870EI and CE6880EI)
<HUAWEI> display forward entry vxlan-l3 interface 40GE 1/0/11 vlan 601 ip 192.168.10.0 slot 1
Slot 1:

FEI:
    VLAN: 601
    Interface: 40GE1/0/11
    L3 Gateway: Vbdif601
    VPN: _public_
    DIP: 192.168.10.0
    NextHop: 192.168.10.1
    FEC: 2
SDK(Route, Chip:0):
    FVRF: 0
    DIP: 192.168.10.0
    MaskLen: 24
    FEC: 4

    FEC[0]: 4
    TrunkFlag: 0
    MOD: 0
    PortOrTrunk: 4
    MAC: 0021-5250-1001
# Display resource information about Layer 3 traffic forwarding paths for packets to the destination IP address 192.168.10.0 with outer VLAN ID 100 from 10GE1/0/24. (Not supported on the CE6880EI)
<HUAWEI> display forward entry vxlan-l3 interface 10GE1/0/24 vlan 100 ip 192.168.10.0
Slot 1:

FEI:
    VLAN: 100
    Interface: 10GE1/0/24
    L3 Gateway: Vbdif50
    VPN: _public_
    DIP: 192.168.10.0
    NextHop: 192.168.10.1
    FEC: 8194
SDK(Chip:0):
    FVRF: 0
    DIP: 192.168.10.0
    MaskLen: 24
    FEC: 8194

    FEC[0]: 8194
    TrunkFlag: 0
    MOD: 0
    PortOrTrunk: 0
Table 13-27  Description of the display forward entry vxlan-l3 command output

Item

Description

Slot

Slot ID.

FEI

FEI-side software table information.
  • VLAN: VLAN ID in packets
  • Interface: outbound interface
  • L3 Gateway: Layer 3 gateway
  • VPN: VPN information
  • DIP: destination IP address
  • NextHop: next hop
  • FEC: next hop index in the chip

SDK

Chip's hardware table information.
  • FVRF: VPN index in the chip
  • DIP: destination IP address
  • MaskLen: mask length of the destination IP address
  • FEC: next hop index in the chip
  • TrunkFlag: whether the next-hop outbound interface is an Eth-Trunk
  • MOD: ID of the module corresponding to the next-hop outbound interface in the chip
  • PortOrTrunk: ID of the port or Eth-Trunk corresponding to the next-hop outbound interface in the chip

display interface nve

Function

The display interface nve command displays information about network virtualization edge (NVE) interfaces.

Format

display interface nve [ nve-number | main ]

Parameters

Parameter Description Value
nve-number Specifies the number of an NVE interface.

If nve-number is not specified, information about all NVE interfaces is displayed.

The value is an integer that varies according to different devices.

main

Displays the running status of and traffic statistics on an interface.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To monitor the status of an NVE interface or locate an NVE interface faults on a VXLAN, run the display interface nve command to check information about the NVE interface.

Example

# Display information about NVE interface.
<HUAWEI> display interface nve 1
Nve1 current state : UP (ifindex: 711)
Line protocol current state : UP 
Description: 
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 200b-c739-1301
Table 13-28  Description of the display interface nve command output

Item

Description

Nve1 current state

Physical status of NVE interface. The physical status retains UP after NVE interface is created.

Line protocol current state

Link layer protocol status of NVE interface. The link layer protocol status retains UP after NVE interface is created.

Description

NVE interface description. The description can be modified using the description command. If no description is configured, nothing is displayed for this field.

display interface vbdif

Function

The display interface vbdif command displays the status, configurations, and statistics about a VBDIF interface.

Format

display interface vbdif [ bd-id ]

Parameters

Parameter Description Value
bd-id

Specifies the ID of the bridge domain (BD) of which the status, configurations, and statistics about the VBDIF interface is displayed.

If bd-id is not specified, statuses, configurations, and statistics about all VBDIF interfaces are displayed.

The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To monitor the status of an interface or locate an interface fault, run the display interface vbdif command to view status, configurations and statistics about the interface. This information provides a basis for fault location.

Prerequisites

A VBDIF interface has been created.

Example

# Displays information about VBDIF 20 interface.

<HUAWEI> display interface vbdif 20
Vbdif20 current state : UP (ifindex: 1120)                                                                                          
Line protocol current state : UP                                                                                                    
Last line protocol up time : 2015-07-08 11:25:34                                                                                    
Description:                                                                                                                        
Route Port,The Maximum Transmit Unit is 1500                                                                                        
Internet Address is 192.168.20.1/24                                                                                                 
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-5e00-0101                                                     
Current system time: 2015-07-08 14:09:59                                                                                            
Table 13-29  Description of the display interface vbdif command output

Item

Description

Vbdif20 current state

Indicates the physical status of the VBDIF interface:
  • UP: indicates that the interface is Up.
  • DOWN: indicates that the interface is Down.
  • Administratively down: If the administrator uses the shutdown command on the interface, the state is Administratively Down.

Line protocol current state

Indicates the status of the link protocol of the VBDIF interface:
  • UP: indicates the normal enabled state.

  • DOWN: indicates the abnormal state or the IP address is not configured on the interface.

Last line protocol up time

Indicates the last time when the link layer protocol status of the interface is Up.
NOTE:

This field is displayed only when the link layer protocol status of an interface is Up.

Description

Indicates the description of an interface. The information allows users to know about functions of the interface and is used to identify the current interface.

The description command is used to configure or modify the description of an interface.

If the description command is not used to configure the interface description, the description is empty by default.

Route Port

Indicates the Layer 3 interface.

The Maximum Transmit Unit is

Indicates the MTU of the interface. By default, the MTU is 1500 bytes. Packets larger than the MTU are fragmented before being sent. If fragmentation is disabled, packets will be discarded.

The mtu command is used to configure or modify the MTU of a VBDIF interface.

Internet Address is

Indicates the IP address of a VBDIF interface.

If no IP address is configured on the current VBDIF interface, the system displays "Internet protocol processing: disabled".

IP Sending Frames' Format is

Format of the Ethernet frame sent by the VBDIF interface.

The default frame format is PKTFMT_ETHNT_2. When receiving frames, the Ethernet protocol can identify the following formats:
  • PKTFMT_ETHNT_2
  • Ethernet_SNAP
  • 802.2
  • 802.3

Hardware address is

Indicates the physical address.

Current system time

Indicates the current system time.

If the system is configured with a time zone and is in the summer time configured using the clock daylight-saving-time command, the time is displayed in the format of YYYY/MM/DD HH:MM:SS UTC±HH:MM DST.

display mac-address bridge-domain

Function

The display mac-address bridge-domain command displays MAC address entries in a specified bridge domain (BD).

Format

# Display all MAC address entries in specified bridge domain.

display mac-address [ mac-address ] bridge-domain bd-id [ verbose ]

# Display static MAC address entries in a specified bridge domain.

display mac-address static bridge-domain bd-id [ verbose ]

Parameters

Parameter Description Value
mac-address Displays an entry with a specified MAC address. The value is a 12-digit hexadecimal number, in the format of H-H-H. Each H is 4 digits. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0.
bd-id Displays MAC address entries in a bridge domain with a specified ID. The value is an integer ranging from 1 to 16777215.
static

Displays static MAC address entries.

The static parameter configured in this command helps verify that a user device is correctly bound to an interface so that the device secures authorized user's communication.

-
verbose

Displays detailed information about MAC address entries in a bridge domain.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To adapt to a changing network, the MAC address table needs to be updated constantly. To check MAC address entries in a BD, run the display mac-address bridge-domain command.

NOTE:

Currently, you can only view VXLAN MAC address entries by the BD.

Example

# Display all MAC address entries in bridge domain 1019.

<HUAWEI> display mac-address bridge-domain 1019
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
-------------------------------------------------------------------------------
e468-a356-0cb2 -/-/10        10GE1/0/38          dynamic             590
-------------------------------------------------------------------------------
Total items: 1
Table 13-30  Description of the display mac-address bridge-domain command output

Item

Description

Backup

Backup path

MAC Address

Destination MAC address

VLAN/VSI/BD

  • VLAN: ID of a VLAN to which an interface belongs
  • VSI: ID of a VSI associated with an interface
  • BD: ID of a BD to which an interface belongs

Learned-From

  • Static MAC address configured for an interface if the MAC address entry type is static
  • MAC address dynamically learned by an interface if the MAC address entry type is dynamic

Type

MAC address entry type:
  • static: static MAC address entries
  • dynamic: dynamic MAC address entries.
  • evn: indicates a MAC address entry of EVN or EVPN.

Total items

Total number of MAC address entries matching the configured conditions.

display mac-address evn

Function

The display mac-address evn command displays EVN or EVPN MAC address entries.

Format

display mac-address evn [ vlan vlan-id ]

Parameters

Parameter

Description

Value

vlan vlan-id

Displays MAC address entries in a specified VLAN.

The value is an integer that ranges from 1 to 4094. The VLAN cannot be the reserved VLAN configured by the vlan reserved command.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The EVN is Layer 2 interconnection VPN technology based on the VXLAN tunnel. EVN uses MP-BGP to transmit MAC address entries between Layer 2 networks. The EVPN is another Layer 2 interconnection VPN technology. EVPN uses BGP EVPN to transmit MAC address entries between Layer 2 networks. To view MAC address entries of the EVN or EVPN, run this command.

Precautions

If you run the display mac-address evn command without parameters, all the MAC address entries of the EVN or EVPN are displayed.

If the MAC address table does not contain any MAC address entries of EVN or EVPN, no information is displayed.

Example

# Display all MAC address entries of the EVN or EVPN.

<HUAWEI> display mac-address evn
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
-------------------------------------------------------------------------------
0000-3602-0311 -/-/20        2.2.2.2             evn                   -
-------------------------------------------------------------------------------
Total items: 1  
Table 13-31  Description of the display mac-address evn command output

Item

Description

Backup

Backup way.

MAC Address

Destination MAC address in a MAC address entry.

VLAN/VSI/BD

  • VLAN: ID of a VLAN to which an interface belongs
  • VSI: ID of a VSI associated with an interface
  • BD: ID of a bridge domain to which an interface belongs
NOTE:

Information including the BD is displayed only on the VXLAN-capable device.

Learned-From

Interface on which a MAC address is learned.

Type

Type of a MAC address entry.

evn: indicates a MAC address entry of EVN or EVPN.

Age

MAC learned time in seconds.

display mac-address inactive

Function

The display mac-address inactive command displays MAC address entries that fail to be delivered.

Format

display mac-address inactive [ evn ] [ slot slot-id ]

Parameters

Parameter

Description

Value

evn

Displays MAC addresses in EVN or EVPN scenarios.

-

slot slot-id

Displays MAC addresses in the specified slot.

The value is an integer and must be the slot ID of a running board.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

In EVN or EVPN scenarios, you can run the display mac-address inactive command to view MAC address entries that fail to be delivered.

Example

# Display MAC address entries that fail to be delivered.

<HUAWEI> display mac-address inactive
---- Flags: * - Backup                                                                                                              
-------------------------------------------------------------------------------                                                     
MAC Address    VLAN/VSI/BD   Learned-From        Type                Age       
------------------------------------------------------------------------------- 
0000-3602-0311 -/-/20        2.2.2.2             evn                   -
------------------------------------------------------------------------------- 
Total items: 1
Table 13-32  Description of the display mac-address inactive command output

Item

Description

Backup

Backup way.

MAC Address

Destination MAC address in a MAC address entry.

VLAN/VSI/BD

  • VLAN: ID of a VLAN to which an interface belongs
  • VSI: ID of a VSI associated with an interface
  • BD: ID of a bridge domain to which an interface belongs
NOTE:

Information including the BD is displayed only on the VXLAN-capable device.

Learned-From

Interface that learns a MAC address.

Type

Type of a MAC address entry.

evn: indicates a MAC address entry of EVN or EVPN.

Age

MAC learned time in seconds.

display mac-address total-number bridge-domain

Function

The display mac-address total-number bridge-domain command displays the total number of MAC address entries in a bridge domain (BD).

Format

display mac-address total-number [ static ] bridge-domain bd-id

Parameters

Parameter Description Value
static Displays the number of static MAC address entries. -
bridge-domain bd-id Displays the number of MAC address entries in a specified BD. The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check the total number of MAC address entries in a BD, run the display mac-address total-number bridge-domain command.

Example

# Display the total number of MAC address entries in BD 10.

<HUAWEI> display mac-address total-number bridge-domain 10
Total number of mac-address : 5
Table 13-33  Description of the display mac-address total-number bridge-domain command output

Item

Description

Total number of mac-address

Total number of MAC address entries in the specified BD

display mac-address total-number evn

Function

The display mac-address total-number evn command displays the number of EVN MAC address entries.

Format

display mac-address total-number evn [ vlan vlan-id ]

Parameters

Parameter

Description

Value

vlan vlan-id

Displays the number of EVN MAC address entries in a specified VLAN.

The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The MAC address table of the switch stores MAC addresses of other devices. When forwarding an Ethernet frame, the switch searches the MAC address table for the outbound interface according to the destination MAC address and VLAN ID in the Ethernet frame.

When the switch has many EVN MAC address entries, you can use the display mac-address total-number evn command to view statistics on EVN MAC address entries.

Precautions

If vlan vlan-id is not specified, the total number of EVN MAC addresses in all VLANs is displayed.

Example

# Display the number of EVN MAC address entries.

<HUAWEI> display mac-address total-number evn
Total number of mac-address : 20
Table 13-34  Description of the display mac-address total-number evn command output

Item

Description

Total number of mac-address

Total number of EVN MAC address entries in the system.

display mac-address limit bridge-domain

Function

The display mac-address limit bridge-domain command displays rules for dynamically learning MAC addresses in a bridge domain (BD).

Format

display mac-address limit bridge-domain bd-id

Parameters

Parameter Description Value
bridge-domain bd-id Displays rules for dynamically learning MAC addresses in a bridge domain with a specified ID.

The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After MAC address dynamically learning limit rules are successfully configured, run the display mac-address limit bridge-domain command to view the configuration. The command output helps verify the configuration and analyze faults.

Precautions

If a great number of bridge domains are configured on a device, configure bd-id in the display mac-address limit bridge-domain command to view information about a specified bridge domain.

Example

# Display MAC address dynamically learning limit rules in BD 10.

<HUAWEI> display mac-address limit bridge-domain 10
Bridge-domain 10 MAC limit:
  Maximum MAC count 100, used count 3
  Action: forward, Alarm: enable
Table 13-35  Description of the display mac-address limit bridge-domain command output

Item

Description

Bridge-domain 10 MAC limit

BD in which a MAC address limit rule is configured.

Maximum MAC count 100

Maximum number of MAC addresses to be learned.

used count 3

Number of learned MAC addresses in a specified bridge domain.

Action

Action the interface takes to process packets after the interface learns a maximum number of MAC addresses:
  • discard

  • forward

Alarm

Whether the interface is enabled to send an alarm to the NMS after the number of learned MAC addresses reaches the upper limit:
  • enable

  • disable

display snmp-agent trap feature-name nvo3 all

Function

The display snmp-agent trap feature-name nvo3 all command displays all trap functions of the Virtual eXtensible Local Area Network (VXLAN) module.

Format

display snmp-agent trap feature-name nvo3 all

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station, and the network administrator immediately takes measures to resolve the problem.

The display snmp-agent trap feature-name nvo3 all command displays all trap functions of the VXLAN module.

Example

# Display all trap messages of the VXLAN module.

<HUAWEI> display snmp-agent trap feature-name nvo3 all
------------------------------------------------------------------------------
Feature name: NVO3
Trap number : 2
------------------------------------------------------------------------------
Trap name                      Default switch status   Current switch status
hwNvo3VxlanTnlDown             off                     on
hwNvo3VxlanTnlUp               off                     on
Table 13-36  Description of the display snmp-agent trap feature-name nvo3 all command output

Item

Description

Feature name

Name of the module to which a trap message belongs.

Trap number

Number of trap messages.

Trap name

Name of a trap message of the VXLAN module:
  • hwNvo3VxlanTnlDown: The VXLAN tunnel went down.

  • hwNvo3VxlanTnlUp: The VXLAN tunnel went up.

Default switch status

Status of the default trap function:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

Current switch status

Status of the current trap function:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

display snmp-agent trap feature-name vstm all

Function

The display snmp-agent trap feature-name vstm all command displays all alarm information of the VXLAN VSTM module.

Format

display snmp-agent trap feature-name vstm all

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

The Simple Network Management Protocol (SNMP) is used for network management on the TCP/IP network. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent that runs on the network element automatically reports alarms to the management station. After that, the network administrator can take measures accordingly.

To check all alarm information of the VXLAN VSTM module, run the display snmp-agent trap feature-name vstm all command.

Example

# Display all alarm information of the VXLAN VSTM module.

<HUAWEI> display snmp-agent trap feature-name vstm all
------------------------------------------------------------------------------                                                      
Feature name: VSTM                                                                                                                  
Trap number : 2                                                                                                                     
------------------------------------------------------------------------------                                                      
Trap name                      Default switch status   Current switch status                                                        
hwEthernetARPHostIPConflict    on                      on                                                                           
hwEthernetARPHostIPConflictResume                                                                                                   
                               on                      on                             
Table 13-37  Description of the display snmp-agent trap feature-name vstm all command output

Item

Description

Feature name

Name of the module for which the alarms are generated

Trap number

Number of alarms

Trap name

Name of an alarm of the VXLAN VSTM module

  • hwEthernetARPHostIPConflict: The device detected an IP address conflict of terminal users.

  • hwEthernetARPHostIPConflictResume: The IP address conflict of terminal users was removed.

Default switch status

Default alarm status

  • on
  • off

Current switch status

Current alarm status

  • on
  • off

display vxlan flood-vtep

Function

The display vxlan flood-vtep command displays information about a VXLAN centralized replication list.

Format

display vxlan flood-vtep [ vni vni-id ]

Parameters

Parameter Description Value
vni vni-id Displays information about a VXLAN centralized replication list of a specified VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Data packets entering a VXLAN tunnel can be forwarded using the centralized replication mode. Centralized replication means that a centralized replication list containing multiple remote VTEP IP addresses is configured using the vni flood-vtep command. Among the remote VTEP IP addresses, only one is in the working state, and others are in the backup state.

To check information about the VXLAN centralized replication list, run the display vxlan flood-vtep command. The information includes the VNI, source and destination VTEP IP addresses, configuration mode of the centralized replication list, and working status of the remote VTEP IP addresses.

Example

# Display information about the VXLAN centralized replication list.
<HUAWEI> display vxlan flood-vtep
Number of peers : 7
Vni ID    Source             Destination       Type       Status
----------------------------------------------------------------------
1         1.1.1.1            1.1.1.3           static     primary          
1         1.1.1.1            1.1.1.4           static     backup           
2         1.1.1.1            1.1.1.4           static     primary          
2         1.1.1.1            1.1.1.5           static     backup           
3         1.1.1.1            1.1.1.6           static     primary          
3         1.1.1.1            1.1.1.7           static     backup           
3         1.1.1.1            1.1.1.8           static     backup
Table 13-38  Description of the display vxlan flood-vtep command output

Item

Description

Number of peers

Number of remote VTEPs in the centralized replication list.

Vni ID

VNI ID, which is configured using the vxlan vni vni-id command.

Source

Source VTEP's IP address, which can be configured using the source ip-address command.

Destination

Destination VTEP's IP address, which can be configured using the vni vni-id flood-vtep ip-address &<1-10> comamnd.

Type

Configuration mode of the centralized replication list. The value can only be static, meaning manual configuration.

Status

Status of a remote VTEP:
  • primary: working state
  • backup: backup state

display vxlan peer

Function

The display vxlan peer command displays ingress replication lists of a VNI or all VNIs.

Format

display vxlan peer [ vni vni-id ]

Parameters

Parameter Description Value
vni vni-id Specifies a VNI.

The value is an integer ranging from 1 to 16000000.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

If you want to check the VNI and source and destination IP address in an ingress replication list after a VXLAN is configured, run the display vxlan peer command. The command output helps you determine whether the VXLAN is correctly configured.

Precautions

Before running the display vxlan peer command, ensure that the specified VNI exists. Otherwise, the information obtained will be inapplicable.

Example

# Display ingress replication lists of the VNI with the ID of 1.
<HUAWEI> display vxlan peer vni 1
Number of peers : 1
Vni ID    Source             Destination       Type
--------------------------------------------------------------
1         1.1.1.1            2.2.2.2           static
# Display ingress replication lists of all VNIs.
<HUAWEI> display vxlan peer
Number of peers : 3
Vni ID    Source             Destination       Type
--------------------------------------------------------------
1         1.1.1.1            2.2.2.2           static            
2         1.1.1.1            3.3.3.3           static            
3         1.1.1.1            4.4.4.4           static
Table 13-39  Description of the display vxlan peer command output

Item

Description

Number of peers

Number of ingress replication lists

Vni ID

VNI ID, which is configured using the vxlan vni vni-id command

Source

Source VTEP's IP address, which can be configured using the source ip-address command

Destination

IP address of the remote VTEP with the Type of static, which can be configured using the vni vni-id head-end peer-list ip-address &<1-10> command

Type

Method for configuring an ingress replication list
  • static: The ingress replication list is configured using the vni vni-id head-end peer-list ip-address &<1-10> command.
  • dynamic: The ingress replication list is dynamically generated by BGP after the vni vni-id head-end peer-list protocol bgp command is run.

display vxlan statistics

Function

The display vxlan statistics command displays VXLAN tunnel packet statistics.

Format

display vxlan statistics source source-ip-address peer peer-ip-address [ vni vni-id ]

Parameters

Parameter Description Value
source source-ip-address Specifies the IP address of the source VTEP. The value is in dotted decimal notation.
peer peer-ip-address Specifies the IP address of the remote VTEP. The value is in dotted decimal notation.
vni vni-id

Specifies the VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display vxlan statistics command displays packet statistics in inbound and outbound direction of a VXLAN tunnel to help users locate faults, facilitating VXLAN network maintenance.

To ensure that effective information is displayed, you need to run the vxlan statistics enable command in the NVE interface view to enable statistics collection of VXLAN tunnel packets before running the display vxlan statistics command. Whether to specify vni vni-id in the display vxlan statistics command is determined by whether vni vni-id is specified in the vxlan statistics enable command. That is, the VNI must be specified in both or neither commands.

Example

# Display VXLAN tunnel packet statistics, where the IP addresses of the source and remote VTEPs are 10.10.1.1 and 10.1.1.1 respectively and the VNI ID is 10000.

<HUAWEI> display vxlan statistics source 10.10.1.1 peer 10.1.1.1 vni 10000
--------------------------------------------------------------------------
Item                                   Packets                       Bytes
--------------------------------------------------------------------------
Inbound                             23,793,312               4,235,209,536
Outbound                                     0                           0
--------------------------------------------------------------------------
Table 13-40  Description of the display vxlan statistics command output

Item

Description

Item

Statistics items.

Packets

Number of packets.

Bytes

Number of bytes.

Inbound

Packet statistics in the inbound direction of the VXLAN tunnel.

Outbound

Packet statistics in the outbound direction of the VXLAN tunnel.

display vxlan troubleshooting

Function

The display vxlan troubleshooting command displays causes for VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures.

Format

display vxlan troubleshooting

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If a VXLAN tunnel goes Down or fails to be dynamically created, run the display vxlan troubleshooting command to check causes for fault locating.

This command can display causes for the recent five VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures at most.

Example

# Display causes for the VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures.

<HUAWEI> display vxlan troubleshooting
Total counts: 2
--------------------------------------------------------------------------------
Sequence   Time                       Event Description                         
--------------------------------------------------------------------------------
1          2016-02-26 01:40:22        The VXLAN tunnel is down because the route
                                       to the source or destination address is u
                                      nreachable (SourceIpAddress=1.1.1.1, Desti
                                      nationIpAddress=2.2.2.2).                 
2          2016-02-26 01:40:22        The number of VXLAN tunnel exceeded the thr
                                      eshold (Threshold=16384). 
--------------------------------------------------------------------------------
Table 13-41  Description of the display vxlan troubleshooting command output

Item

Description

Total counts

Number of VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures

Sequence

Sequence number

Time

Time when a VXLAN tunnel went Down or failed to be dynamically created

Event Description

Cause for a VXLAN tunnel Down event or dynamic VXLAN tunnel establishment failure

display vxlan tunnel

Function

The display vxlan tunnel command displays VXLAN tunnel information.

Format

display vxlan tunnel [ tunnel-id ] [ verbose ]

Parameters

Parameter Description Value
tunnel-id Specifies a VXLAN tunnel ID. The value is an integer ranging from 1 to 4294967295.
verbose Displays detailed VXLAN tunnel information. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After VXLAN tunnels are established, run the display vxlan tunnel command to check tunnel information. The command output helps verify configurations and locate faults.

Example

# Display VXLAN tunnel information.
<HUAWEI> display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID   Source           Destination      State  Type    Uptime
-----------------------------------------------------------------------
33686018    1.1.1.1          2.2.2.2          up     static  03:12:33
33686019    1.1.1.1          2.2.2.3          up     static  12:23:45
# Display detailed VXLAN tunnel information.
<HUAWEI> display vxlan tunnel 1 verbose
  Tunnel ID       : 1
  Source          : 1.1.1.1
  Destination     : 4.4.4.4
  State           : down
  Type            : static
  Uptime          : -
Table 13-42  Description of the display vxlan tunnel command output

Item

Description

Number of vxlan tunnel

Number of VXLAN tunnels that have been established.

Tunnel ID

VXLAN tunnel ID, which is automatically allocated after a VXLAN tunnel is established.

Source

VXLAN tunnel's source IP address.

Destination

VXLAN tunnel's destination IP address.

State

VXLAN tunnel status:
  • up: The tunnel is reachable.
  • down: The tunnel is unreachable.

Type

VXLAN tunnel type.

The VXLAN tunnel status is determined by how peer-list ip-address is specified in the vni vni-id head-end peer-list ip-address &<1-10> command:
  • static: peer-list ip-address is statically configured.
  • dynamic: peer-list ip-address is dynamically learned by a routing protocol.

Uptime

Period during which a VXLAN tunnel is Up.
  • If the period is less than 24 hours, the displayed format is hh:mm:ss, where hh, mm, and ss stand for hours, minutes, and seconds, respectively.
  • If the period is greater than 24 hours but less than 9999 hours, the displayed format is xxxxhxxm. For example, a period of 30 hours and 26 minutes is displayed as 0030h26m.
  • If the period is greater than 9999 hours, the number of hours is displayed as four asterisks (****). For example, a period of 10000 hours and 26 minutes is displayed as ****h26m.

If a hyphen (-) is displayed, the VXLAN tunnel is Down.

display vxlan vni

Function

The display vxlan vni command displays VXLAN configurations.

Format

display vxlan vni [ vni-id [ verbose ] ]

Parameters

Parameter Description Value
vni-id Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

verbose Displays detailed configurations of the VXLAN with a specified VNI ID. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After a VXLAN is configured, to check the VNI status and BD to which the VNI is mapped, run the display vxlan vni command. The command output helps you determine whether the VXLAN is correctly configured.

Precautions

Before running the display vxlan vni command, ensure that the specified VNI exists. Otherwise, the information obtained will be inapplicable.

If both ingress replication and centralized replication are configured in a VSI, the mode for forwarding BUM packets is displayed as centralized replication in the command output.

Example

# Display VXLAN configurations.
<HUAWEI> display vxlan vni
Number of vxlan vni: 2
VNI            BD-ID            State
---------------------------------------
5010           10               up
5020           20               up
# Display detailed configurations of the VXLAN with VNI 5000.
<HUAWEI> display vxlan vni 5000 verbose
    BD ID                  : 10
    State                  : up
    NVE                    : 1610612739
    Source Address         : 1.1.1.1
    Source IPv6 Address    : -
    UDP Port               : 4789
    BUM Mode               : head-end
    Group Address          : -
    Peer List              : 2.2.2.2 2.2.2.3
    IPv6 Peer List         : -
Table 13-43  Description of the display vxlan vni command output

Item

Description

Number of vxlan vni

Number of VNIs configured.

VNI

VNI ID, which is configured using the vxlan vni vni-id command.

BD-ID(BD ID)

ID of the BD to which a VNI is mapped, which is configured using the bridge-domain bd-id command.

State

VNI status:
  • up
  • down

The status of a VNI is up only when the VXLAN tunnel identified by the VNI exists and is up.

If the VNI status is down, check whether the source and destination IP addresses displayed in the Source Address and Peer List fields in the display vxlan vni command output are consistent with those displayed in the Source and Destination fields in the display vxlan tunnel command output.
  • If they are inconsistent, the VXLAN tunnel identified by the VNI does not exist.

    Run the source ip-address or vni vni-id head-end peer-list ip-address &<1-10> command to change the source or destination IP address of the VXLAN tunnel to ensure that the VXLAN tunnel exists.

  • If they are consistent, collect configuration information and contact technical support personnel.

NVE

NVE interface index, which is automatically generated when an NVE interface is created using the interface nve command. This index is used only for internal query.

Source Address

Source VTEP's IP address, which can be configured using the source ip-address command.

Source IPv6 Address

IPv6 address of the source VTEP

UDP Port

Destination UDP port number, which is fixed at 4789.

BUM Mode

Broadcast, unknown unicast, and multicast mode

  • head-end: A VXLAN tunnel forwards BUM packets using the ingress replication mode.
  • flood-vtep replication: A VXLAN tunnel forwards BUM packets using the centralized replication mode.

Group Address

Multicast replication address of a BUM packet, namely, the address of the multicast group that each VTEP joins.

This field displays as a hyphen (-) because multicast replication is not supported.

Peer List

Remote VTEPs' IP addresses, which can be configured using the vni vni-id head-end peer-list ip-address &<1-10> command.

When BUM Mode is flood-vtep replication, this field is not displayed. To check the remote VTEPs' IP addresses in centralized replication mode, run the display vxlan flood-vtep command.

IPv6 Peer List

IPv6 address of the remote VTEP

When BUM Mode is flood-vtep replication, the field is not displayed in the command output.

encapsulation (Layer 2 sub-interface view)

Function

The encapsulation command specifies an encapsulation type of packets allowed to pass through a Layer 2 sub-interface.

The undo encapsulation command deletes an encapsulation type of packets allowed to pass through a Layer 2 sub-interface.

By default, an encapsulation type of packets allowed to pass through a Layer 2 sub-interface is not specified.

Format

encapsulation { dot1q [ vid ce-vid ] | default | untag | qinq [ vid pe-vid ce-vid ce-vid ] }

undo encapsulation { dot1q [ vid ce-vid ] | default | untag | qinq [ vid pe-vid ce-vid ce-vid ] }

encapsulation qinq vid low-pe-vid [ to high-pe-vid ] ce-vid low-ce-vid [ to high-ce-vid ]

undo encapsulation qinq vid low-pe-vid [ to high-pe-vid ] ce-vid low-ce-vid [ to high-ce-vid ]

Parameters

Parameter Description Value
dot1q

Indicates the Dot1q encapsulation type, which allows a Layer 2 sub-interface to receive tagged packets.

-
qinq

Indicates the QinQ encapsulation type, which allows a Layer 2 sub-interface to receive tagged packets.

-
vid ce-vid

Specifies a VLAN ID in the outer VLAN tag.

NOTE:

The value of vid for a Layer 2 sub-interface with the encapsulation type set to dot1q cannot be the same as the ID of the VLAN through which packets transmitted from the corresponding Layer 2 interface are allowed to pass.

The value is an integer ranging from 1 to 4094.
default

Indicates the Default encapsulation type, which allows a Layer 2 sub-interface to receive all packets, irrespective of whether the packets carry VLAN tags.

NOTE:
  • If default is configured for a Layer 2 sub-interface on a main interface, the main interface cannot have other types of Layer 2 sub-interfaces configured.

  • If default is configured for a Layer 2 sub-interface on a main interface, ensure that the main interface of the Layer 2 sub-interface is not added to any VLAN.
-
untag Indicates the Untag encapsulation type, which allows a Layer 2 sub-interface to receive only untagged packets. -
vid pe-vid

Specifies an outer VLAN ID for double-tagged packets to be received by a Layer 2 sub-interface.

The value is an integer ranging from 1 to 4094.
ce-vid ce-vid

Specifies an inner VLAN ID for double-tagged packets to be received by a Layer 2 sub-interface.

The value is an integer ranging from 1 to 4094.
vid low-pe-vid [ to high-pe-vid ] Specifies a range of outer VLAN IDs for double-tagged packets to be received by a Layer 2 sub-interface. The parameters are as follows:
  • low-pe-vid: specifies the start VLAN ID.
  • high-pe-vid: specifies the end VLAN ID. high-pe-vid must be greater than or equal to low-pe-vid. high-pe-vid and low-pe-vid define a range of VLAN IDs.
  • If you do not specify to high-pe-vid, low-pe-vid specifies the single VLAN ID carried in packets.
The value is an integer ranging from 1 to 4094.
ce-vid low-ce-vid [ to high-ce-vid ] Specifies a range of inner VLAN IDs for double-tagged packets to be received by a Layer 2 sub-interface. The parameters are as follows:
  • low-ce-vid: specifies the start VLAN ID in an inner tag.
  • high-pe-vid: specifies the end VLAN ID in an inner tag. high-ce-vid must be greater than or equal to low-ce-vid. high-ce-vid and low-ce-vid define a range of VLAN IDs in an inner VLAN tag.
  • If you do not specify to high-ce-vid, low-ce-vid specifies the single VLAN ID in the inner VLAN tag carried in packets.
The value is an integer ranging from 1 to 4094.

Views

Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets on a VXLAN either carry VLAN tags or do not carry VLAN tags. To allow these packets to be transmitted through different Layer 2 sub-interfaces, run the encapsulation command to configure an encapsulation type for each Layer 2 sub-interface.

Precautions

Each Layer 2 sub-interface can have only one encapsulation type configured. Before changing an encapsulation type, run the undo encapsulation command to delete the existing encapsulation type. Then run the encapsulation command to specify an encapsulation type.

When a sub-interface that is configured with Dot1q and QinQ receives double-tagged VLAN packets, the QinQ sub-interface preferentially processes the packets. For example, if a Dot1q and QinQ sub-interface carries the VLAN ID of 10 for Dot1q and outer VLAN ID of 10 and inner VLAN ID of 20 for QinQ and receives a packet with the outer VLAN ID of 10 and inner VLAN ID of 20, the QinQ sub-interface preferentially processes the packet. If a Dot1q and QinQ sub-interface carries the VLAN ID of 10 for Dot1q and outer VLAN ID of 10 and inner VLAN ID of 20 for QinQ and receives a packet with the outer VLAN ID of 10 and inner VLAN ID of non-20, the Dot1q sub-interface preferentially processes the packet.

When the PVID is configured on an interface and the encapsulation untag command is used to configure the Layer 2 sub-interface to receive untagged packets, if the Layer 2 sub-interface is Up, untagged packets are forwarded to the VXLAN network through the Layer 2 sub-interface. If the Layer 2 sub-interface is Down, untagged packets are forwarded based on the PVID.

The original VLAN specified in the port vlan-stacking command cannot be the same as the outer VLAN configured on a QinQ Layer 2 sub-interface.

A QinQ Layer 2 sub-interface can have an outer VLAN ID range and inner VLAN ID range. When a Layer 2 sub-interface in the QinQ encapsulation mode is used in VXLAN network, the interface does not support the following: When a Layer 2 sub-interface in the QinQ encapsulation mode is bound to a BD, if the rewrite pop double command is not configured, DHCP Snooping and ARP broadcast suppression cannot be configured for the BD, and the corresponding VBDIF interface cannot be created for the BD.
NOTE:

The traffic behavior for QinQ interfaces bound to the same BD must be the same.

If a QinQ Layer 2 sub-interface have a outer VLAN ID range or inner VLAN ID range, the rewrite pop double command can not be configured on the interface.

Example

# Enable untagged encapsulation on Layer 2 sub-interface 10GE1/0/1.1.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1.1 mode l2
[*HUAWEI-10GE1/0/1.1] encapsulation untag
# Configure 10GE1/0/1.1 to allow packets carry the outer VLAN ID of 10 and inner VLAN ID of 20 to pass through.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1.1 mode l2
[*HUAWEI-10GE1/0/1.1] encapsulation qinq vid 10 ce-vid 20

evn bgp

Function

The evn bgp command enables EVN BGP and displays the EVN BGP view.

The undo evn bgp command disables EVN BGP.

By default, EVN BGP is disabled.

Format

evn bgp

undo evn bgp

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

EVN BGP is an extension to BGP and used to advertise EVN routes between the EVN instances of different PE devices on an EVN network.

Follow-up Procedure

Run the peer peer-address command to create EVN BGP peers between PE devices on an EVN BGP network.

Precautions

The evn bgp command is mutually exclusive with the following commands:

Example

# Enable EVN BGP and display the EVN BGP view.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp]

evpn

Function

The evpn command creates an EVPN instance for a VXLAN.

The undo evpn command deletes an EVPN instance of a VXLAN.

By default, no EVPN instance is created for VXLANs.

Format

evpn

undo evpn

Parameters

None

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The created EVPN instance can store EVPN routes sent from peer VTEPs.

Prerequisites

The following tasks have been performed:

  • EVPN has been configured to serve as the VXLAN control plane using the evpn-overlay enable command.

  • A VNI has been created using the vxlan vni vni-id command and associated with a broadcast domain (BD).

Configuration Impact

If you run undo evpn command to delete an EVPN instance, all configurations in the EVPN instance are deleted.

Example

# Create an EVPN instance.

<HUAWEI> system-view
[~HUAWEI] evpn-overlay enable
[*HUAWEI] commit
[~HUAWEI] bridge-domain 100
[*HUAWEI-bd100] vxlan vni 200
[*HUAWEI-bd100] evpn

evpn (system view)

Function

The evpn command creates and displays a global EVPN view.

The undo evpn command deletes a global EVPN view.

By default, no global EVPN view is created.

Format

evpn

undo evpn

Parameters

None

Views

System View

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a scenario where segment VXLAN is used for DCI, if DC edge devices (border leaf nodes) do not support bridge domains (BDs), the devices without BD configuration can re-generate IRB routes by default to establish an inter-DC VXLAN tunnel. If edge devices support BDs, to prevent repeat IRB route re-generation, run the evpn command in the system view to display the global EVPN view and then run the irb-reoriginated without-bridge-domain disable command to disable the default IRB route re-generation function when BDs are not configured.

Precautions

The evpn command is mutually exclusive with the evn bgp command.

Example

# Create and display a global EVPN view.

<HUAWEI> system-view
[~HUAWEI] evpn

evpn-overlay enable

Function

The evpn-overlay enable command configures EVPN as the VXLAN control plane.

The undo evpn-overlay enable command restores the default configuration.

By default, EVPN is not configured as the VXLAN control plane.

Format

evpn-overlay enable

undo evpn-overlay enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To configure EVPN as the VXLAN control plane, run the evpn-overlay enable command. This command improves VXLAN security and simplifies the VXLAN configuration.

Precautions

Before running the undo evpn-overlay enable command, delete other EVPN configurations.

Example

# Configure EVPN as the VXLAN control plane.

<HUAWEI> system-view
[~HUAWEI] evpn-overlay enable

export route-policy (BD-EVPN instance view)

Function

The export route-policy command associates an EVPN instance with an export routing policy.

The undo export route-policy command disassociates an EVPN instance with an export routing policy.

By default, an EVPN instance is not associated with any export routing policy.

Format

export route-policy policy-name

undo export route-policy

Parameters

Parameter Description Value
policy-name Specifies the name of a routing policy. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

BD-EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, an EVPN instance adds all VPN targets in the export VPN target list to EVPN routes to be advertised to its peers. To control route export more precisely, run the export route-policy policy-name command to associate the EVPN instance with an export routing policy and set attributes for eligible routes.

Prerequisites

An RD has been configured for the EVPN instance using the route-distinguisher route-distinguisher command.

Configuration Impact

If the command is run more than once, the latest configuration overrides the previous one.

Precautions

If the specified routing policy does not exist, run the route-policy command to create the routing policy.

Example

# Associate an EVPN instance with an export routing policy named rp2.

<HUAWEI> system-view
[~HUAWEI] evpn-overlay enable
[*HUAWEI] commit
[~HUAWEI] bridge-domain 100
[*HUAWEI-bd100] vxlan vni 200
[*HUAWEI-bd100] evpn
[*HUAWEI-bd100-evpn] route-distinguisher 100:1
[*HUAWEI-bd100-evpn] export route-policy rp2

export route-policy evpn

Function

The export route-policy evpn command associates the VPN instance IPv4 address family of a VPN instance with an export routing policy to filter routes to be advertised to the EVPN instance.

The undo export route-policy evpn command disassociates the VPN instance IPv4 address family of a VPN instance with an export routing policy.

By default, the VPN instance IPv4 address family of a VPN instance is not associated with any export routing policy.

Format

export route-policy policy-name evpn

undo export route-policy policy-name evpn

Parameters

Parameter Description Value
policy-name Specifies the name of a routing policy. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

VPN instance view or VPN instance IPv4 address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, the VPN IPv4 address family of a VPN instance adds all VPN targets in the export VPN target list to routes to be advertised to the EVPN instance. To control route export more precisely, run the export route-policy policy-name evpn command to associate the VPN IPv4 address family with an export routing policy and set attributes for eligible routes.

Prerequisites

An RD has been configured for the VPN instance IPv4 address family using the route-distinguisher route-distinguisher command.

Configuration Impact

If the command is run more than once, the latest configuration overrides the previous one.

The export routing policy configured using the export route-policy policy-name evpn command does not affect the export routing policy applied to the VPN instance using the export route-policy policy-name command.

Precautions

If the specified routing policy does not exist, run the route-policy command to create the routing policy.

Example

# Associate the VPN instance IPv4 address family of a VPN instance named vrf1 with an export routing policy named policy-2 to filter routes to be advertised to an EVPN instance named vrf1.

<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vrf1
[*HUAWEI-vpn-instance-vrf1] ipv4-family
[*HUAWEI-vpn-instance-vrf1-af-ipv4] route-distinguisher 100:1
[*HUAWEI-vpn-instance-vrf1-af-ipv4] export route-policy policy-2 evpn

flood proxy

Function

The flood proxy command configures a flood proxy IP address.

The undo flood proxy command deletes the configured flood proxy IP address.

By default, no flood proxy IP address is configured.

NOTE:
Only the CE6880EI switches support this command.

Format

flood proxy ip-address

undo flood proxy [ ip-address ]

Parameters

Parameter Description Value
ip-address

Specifies a flood proxy IP address.

The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Figure 13-1  Flood proxy diagram

On the VXLAN network shown in Figure 13-1, the source VTEP (VTEP1) has multiple remote VTEPs (VTEP2, VTEP3, and VTEP4). The vni head-end peer-list command is configured to specify the remote VTEPs. When VTEP1 sends BUM packets in ingress replication mode, it needs to send one copy of the packets to each remote VTEP, causing the packet to be flooded and increasing the network load. To solve this problem, a flood gateway can be configured. You can run the flood proxy command on the gateway Device4 to configure it as the flood gateway, which is also called a centralized replicator. When VTEP1 receives BUM packets, it only needs to send one copy of the packets to the centralized replicator. The centralized replicator then sends the packets to each remote VTEP, which reduces flooded traffic on the network.

The source IP address encapsulated in the packets sent by the centralized replicator to other VTEPs is the IP address of VTEP1 (IP1). Therefore, MAC address learning among the VTEPs is not affected.

Prerequisites

The VTEP IP address has been configured for the NVE interface of the centralized replicator. When the VTEP IP address is deleted, the flood proxy IP address is also deleted.

Precautions

  • To make the flood proxy command take effect, you must run the vni flood-vtep command on the source VTEP to configure a flood proxy IP address for the centralized replicator.

  • Generally, the loopback interface IP address of the centralized replicator is configured as the flood proxy IP address, and it is different from the VTEP IP address of the centralized replicator.

Example

# Set the flood proxy IP address to 2.2.2.2.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] source 1.1.1.1
[*HUAWEI-Nve1] flood proxy 2.2.2.2

host collect protocol bgp

Function

The host collect protocol bgp command enables EVN BGP or BGP EVPN to advertise host information.

The undo host collect protocol bgp command disables EVN BGP or BGP EVPN from advertising host information.

By default, EVN BGP or BGP EVPN is disabled from advertising host information.

Format

host collect protocol bgp

undo host collect protocol bgp

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The Layer 3 VXLAN gateway dynamically learns ARP entries of tenants and generates host information (host IP address, MAC address, VTEP address, and VNI ID) based on the ARP entries. The Layer 3 VXLAN gateway then uses EVN BGP to advertise the host information to BGP peers. Layer 2 VXLAN gateways that are BGP peers then use the learned host information for ARP broadcast suppression.

To allow ARP broadcast suppression to take effect, run the host collect protocol bgp command to enable EVN BGP or BGP EVPN to advertise host information.

Example

# Enable EVN BGP or BGP EVPN to advertise host information.

<HUAWEI> system-view
[~HUAWEI] host collect protocol bgp

host ip-conflict-check

Function

The host ip-conflict-check command configures an interval at which IP address conflicts of terminal users are detected and the IP address conflict threshold.

The undo host ip-conflict-check command restores the default interval at which IP address conflicts of terminal users are detected and the default IP address conflict threshold.

By default, IP address conflicts of terminal users are detected at an interval of 180s, and the IP address conflict threshold is 5.

Format

host ip-conflict-check period period-value retry-times times-value

undo host ip-conflict-check [ period period-value retry-times times-value ]

Parameters

Parameter Description Value
period period-value Specifies an interval at which IP address conflicts of terminal users are detected.

The value is an integer ranging from 2 to 36000, in seconds.

retry-times times-value Specifies an IP address conflict threshold.

The value is an integer ranging from 1 to 1000.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On VXLANs, IP address conflicts of terminal users will cause terminal users to fail to go online. Therefore, IP address conflicts must be detected.

By default, IP address conflicts of terminal users are detected at an interval of 180s, and the IP address conflict threshold is 5. To change the detection interval and the IP address conflict threshold, run the host ip-conflict-check period period-value retry-times times-value command. If the IP address conflicts detected outnumber the configured threshold within the configured detection interval, the device generates an alarm.

Precautions

In scenarios where retry-times times-value is set to 1 and period period-value is set to a small value, if a terminal user attempts to go offline from Server A and then go online through Server B but fails to go offline within the detection interval, the device still generates an alarm.

Example

# Set the interval at which IP address conflicts of terminal users are detected to 200s and the IP address conflict threshold to 10.

<HUAWEI> system-view
[~HUAWEI] host ip-conflict-check period 200 retry-times 10

interface mode l2

Function

The interface mode l2 command creates a Layer 2 sub-interface and displays the Layer 2 sub-interface view.

The undo interface command deletes a Layer 2 sub-interface.

By default, no Layer 2 sub-interface is created.

Format

interface interface-type interface-number.subnum mode l2

undo interface interface-type interface-number.subnum

Parameters

Parameter Description Value
interface-type interface-number.subnum Specifies the type and number of a Layer 2 sub-interface. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The Virtual eXtensible Local Area Network (VXLAN) module defines Layer 2 sub-interfaces as service access points. Only Layer 2 sub-interface provide access services. To create a Layer 2 sub-interface, run the interface mode l2 command.

Prerequisites

Before running the interface mode l2 command, ensure that the port link-type dot1q-tunnel command is not run on the Layer 2 interface. If the port link-type dot1q-tunnel command has been run, run the undo port link-type command first to delete the configuration.

Follow-up Procedure

Run the bridge-domain bd-id command to add a created Layer 2 sub-interface to a bridge domain (BD) so that services can be transmitted in the bridge domain.

Precautions

Layer 2 sub-interfaces can only send access packets to bridge domains, not Layer 3 networks. Each Layer 2 sub-interface can be added to only one BD.

Example

# Create a Layer 2 sub-interface 10GE 1/0/1.1.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1.1 mode l2

interface nve

Function

The interface nve command creates a network virtualization edge (NVE) interface or displays an NVE interface view.

The undo interface nve command deletes an NVE interface.

By default, no NVE interfaces are created.

Format

interface nve nve-number

undo interface nve nve-number

Parameters

Parameter Description Value
nve-number Specifies the number of an NVE interface.

The value is an integer that varies according to different devices.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To exert server virtualization advantages, deploy a VXLAN on an NVE interface for multi-tenant access. To create an NVE interface, run the interface nve command.

Example

# Create NVE interface.
<HUAWEI> system-view
[~HUAWEI] interface nve 1

interface vbdif

Function

The interface vbdif command creates a VBDIF interface and displays the VBDIF interface view, or directly displays the VBDIF interface view if the VBDIF interface exists.

The undo interface vbdif command deletes a VBDIF interface.

By default, no VBDIF interface is created.

Format

interface vbdif bd-id

undo interface vbdif bd-id

Parameters

Parameter Description Value
bd-id Specifies a BD ID. The value is an integer ranging from 1 to 16777215.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

IP routes are required for communication between VXLANs on different network segments and between VXLANs and non-VXLANs.

To allow communication between these networks, run the vxlan vni command to map a VNI to a BD in 1:1 mode, run the interface vbdif command to create a VBDIF interface for the BD, and configure an IP address for the BD. As a VBDIF interface is a Layer 3 logical interface similar to a VLANIF interface, it can have an IP address configured.

Prerequisites

A BD has been created using the bridge-domain command.

Follow-up Procedure

Run the ip address command to configure an IP address for a VBDIF interface.

Example

# Create VBDIF10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface vbdif 10

import route-policy (BD-EVPN instance view)

Function

The import route-policy command associates an EVPN instance with an import routing policy.

The undo import route-policy command disassociates an EVPN instance with an import routing policy.

By default, an EVPN instance is not associated with any import routing policy.

Format

import route-policy policy-name

undo import route-policy

Parameters

Parameter Description Value
policy-name Specifies the name of a routing policy. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

BD-EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, an EVPN instance matches the export VPN targets of received routes against its import VPN targets to determine whether to import these routes. To control route import more precisely, run the import route-policy policy-name command to associate the EVPN instance with an import routing policy and set attributes for eligible routes.

Prerequisites

An RD has been configured for the EVPN instance using the route-distinguisher route-distinguisher command.

Configuration Impact

If the command is run more than once, the latest configuration overrides the previous one.

Precautions

If the specified routing policy does not exist, run the route-policy command to create the routing policy.

Example

# Associate an EVPN instance with an import routing policy named rp1.

<HUAWEI> system-view
[~HUAWEI] evpn-overlay enable
[*HUAWEI] commit
[~HUAWEI] bridge-domain 100
[*HUAWEI-bd100] vxlan vni 200
[*HUAWEI-bd100] evpn
[*HUAWEI-bd100-evpn] route-distinguisher 100:1
[*HUAWEI-bd100-evpn] import route-policy rp1

import route-policy evpn

Function

The import route-policy evpn command associates the VPN instance IPv4 address family of a VPN instance with an import routing policy to filter routes imported from the EVPN instance.

The undo import route-policy evpn command dissociates the VPN instance IPv4 address family of a VPN instance with an import routing policy.

By default, the VPN instance IPv4 address family of a VPN instance is not associated with any import routing policy.

Format

import route-policy policy-name evpn

undo import route-policy policy-name evpn

Parameters

Parameter Description Value
policy-name Specifies the name of a routing policy. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

VPN instance view or VPN instance IPv4 address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, the VPN instance IPv4 address family of a VPN instance matches the export VPN targets of received routes against its import VPN targets to determine whether to import these routes. To control route import more precisely, run the import route-policy policy-name evpn command to associate the VPN IPv4 address family with an import routing policy and set attributes for eligible routes.

Prerequisites

An RD has been configured for the VPN instance IPv4 address family using the route-distinguisher route-distinguisher command.

Configuration Impact

If the command is run more than once, the latest configuration overrides the previous one.

The import routing policy configured using the import route-policy policy-name evpn command does not affect the import routing policy applied to the VPN instance using the import route-policy policy-name command.

Precautions

If the specified routing policy does not exist, run the route-policy command to create the routing policy.

Example

# Associate the VPN instance IPv4 address family of a VPN instance named vrf1 with an import routing policy named policy-1 to filter routes received from the EVPN instance.

<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vrf1
[*HUAWEI-vpn-instance-vrf1] ipv4-family
[*HUAWEI-vpn-instance-vrf1-af-ipv4] route-distinguisher 100:1
[*HUAWEI-vpn-instance-vrf1-af-ipv4] import route-policy policy-1 evpn

irb-reoriginated without-bridge-domain disable

Function

The irb-reoriginated without-bridge-domain disable command disables the IRB route re-generation function when BDs are not configured.

The undo irb-reoriginated without-bridge-domain disable command restores the default configuration.

By default, the IRB route re-generation function is enabled when BDs are not configured.

Format

irb-reoriginated without-bridge-domain disable

undo irb-reoriginated without-bridge-domain disable

Parameters

None

Views

Global EVPN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a scenario where segment VXLAN is used for DCI, if DC edge devices (border leaf nodes) do not support BDs, the devices without BD configuration can re-generate IRB routes by default to establish an inter-DC VXLAN tunnel. If edge devices support BDs, to prevent repeat IRB route re-generation, run the evpn command in the system view to display the global EVPN view and then run the irb-reoriginated without-bridge-domain disable command to disable the default IRB route re-generation function when BDs are not configured.

Example

# Disable the IRB route re-generation function when BDs are not configured.

<HUAWEI> system-view
[~HUAWEI] evpn
[*HUAWEI-evpn] irb-reoriginated without-bridge-domain disable

l2 binding vlan

Function

The l2 binding vlan command binds a VLAN to a BD.

The undo l2 binding vlan command cancels the binding relationship between a VLAN and a BD.

By default, a VLAN is not bound to a BD.

Format

l2 binding vlan vlan-id

undo l2 binding vlan vlan-id

Parameters

Parameter Description Value
vlan-id Specifies the VLAN ID. The value is an integer that ranges from 1 to 4094, except the reserved VLAN ID.

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On the VXLAN network, you need to configure VXLAN service access points on a VXLAN network edge node. After you run the l2 binding vlan vlan-id command to bind a VLAN to a BD. The interfaces added to the VLAN become VXLAN service access points.

Prerequisites

The VLAN to be bound to the BD has been created.

Precautions

  • After a VLAN is bound to a BD, you cannot create a VBDIF interface for the BD, and you cannot create a VLANIF interface for the VLAN either.
  • VLAN and BD use 1:1 mapping. That is, a VLAN can be bound to only one BD, and only one VLAN can be bound to a BD.
  • Binding a VLAN to a BD is exclusive with ARP broadcast suppression. After a VLAN is configured as a VXLAN service access point, do not configure ARP broadcast suppression.
  • After a VLAN is bound to a BD, the BD becomes the broadcast domain. Therefore, other service configurations such as DHCP Snooping and IGMP Snooping in the VLAN become invalid.

Example

# Bind VLAN 10 to BD 10.

<HUAWEI> system-view
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] quit
[*HUAWEI] bridge-domain 10
[*HUAWEI-bd10] l2 binding vlan 10

l2vpn-family evpn

Function

The l2vpn-family evpn command enables the BGP-EVPN address family and displays the BGP-EVPN address family view.

The undo l2vpn-family evpn command deletes the BGP-EVPN address family view.

By default, the BGP-EVPN address family is disabled.

Format

l2vpn-family evpn

undo l2vpn-family evpn

Parameters

None

Views

BGP view and BGP multi-instance view

Default Level

2: Configuration level

Usage Guidelines

Before you perform configurations in the BGP-EVPN address family view, run the l2vpn-family evpn command to enable the BGP-EVPN address family and display the BGP-EVPN address family view.

Example

# Enable the BGP-EVPN address family and display the BGP-EVPN address family view.
<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn]
Related Topics

loop-protect l2-subinterface enable

Function

The loop-protect l2-subinterface enable command enables Layer 2 sub-interfaces to inherit the blocked/forwarding status of the main interface.

The undo loop-protect l2-subinterface enable command disables Layer 2 sub-interfaces from inheriting the blocked/forwarding status of the main interface.

By default, Layer 2 sub-interfaces do not inherit the blocked/forwarding status of the main interface.

Format

loop-protect l2-subinterface enable

undo loop-protect l2-subinterface enable

Parameters

None

Views

GE interface view, 10GE interface view, 25GE interface view, 40GE interface view, 100GE interface view, port group view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To prevent or eliminate loops on a complex Layer 2 network, STP, RSTP, or MSTP can be configured on the switch.

Running the stp enable command enables STP/RSTP/MSTP. The devices running STP/RSTP/MSTP discover loops on the network by exchanging information with each other, so that the ring topology can be trimmed into a loop-free tree topology by blocking a certain interface. In this manner, replication and circular propagation of packets are prevented on the network. In addition, the processing performance of devices is prevented from deteriorating.

If you want Layer 2 sub-interfaces to be blocked when their main interface is blocked due to loops, run the loop-protect l2-subinterface enable command to enable the Layer 2 sub-interfaces to inherit the blocked/forwarding status of the main interface.

Prerequisites

Basic STP/RSTP functions have been configured.

Precautions

The loop-protect l2-subinterface enable command can be applied only to STP and RSTP scenarios and cannot work with MSTP, VBST, ERPS, or SMLK. If MSTP, VBST, ERPS, or SMLK is enabled, the device displays an error message when you run the loop-protect l2-subinterface enable command.

Currently, only Layer 2 dot1q and QinQ sub-interfaces can inherit the blocked/forwarding status of the main interface.

Do not run the loop-protect l2-subinterface enable command for a Layer 2 interface in any of the following conditions:
  • The Layer 2 interface is a physical interface and is added to an Eth-Trunk interface.
  • The Layer 2 interface is a physical interface and is added to a Smart Link group.
  • The Layer 2 interface is a physical interface and is added to an ERPS ring.

Example

# Enable the Layer 2 sub-interfaces of the main interface to inherit the blocked/forwarding status of 10GE1/0/1.
<HUAWEI> system-view
[~HUAWEI] stp mode rstp
[*HUAWEI] interface 10GE1/0/1
[*HUAWEI-10GE1/0/1] loop-protect l2-subinterface enable

mac-address (VBDIF interface view)

Function

The mac-address command configures a MAC address for a VBDIF interface.

The undo mac-address command restores the default MAC address of a VBDIF interface.

By default, the MAC address of a VBDIF interface is the system MAC address.

Format

mac-address mac-address

undo mac-address

Parameters

Parameter Description Value
mac-address Specifies a MAC address for a VBDIF interface. The value is a 12-digit hexadecimal number, in the format of H-H-H. Each H is 4 digits. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0. The MAC address cannot be all 0s or 1s or a multicast MAC address.
NOTE:

The CE6870EI supports a maximum of 16 MAC addresses in the range of 0000-5e00-0100 to 0000-5e00-01ff, while the other models support a maximum of 500 any unicast MAC addresses.

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Figure 13-3  Default MAC address of VBDIF interface

By default, VBDIF interfaces of VXLAN Layer 3 gateways use the same MAC address, that is the system MAC address, as shown in Figure 13-3.

On a network with distributed or centralized multi-active VXLAN gateways that need to be simulated into one, you need to run the mac-address command to configure the same MAC address for the VBDIF interfaces of VXLAN Layer 3 gateways. In this way, terminals connect to the same gateway, ensuring normal traffic forwarding and VM migration.

Configuration Impact

After you configure a MAC address for a VBDIF interface, the device will actively send gratuitous ARP packets to update the mapping between MAC addresses and interfaces of other devices.

For CE6855HI, CE6856HI, and CE7855EI switches in dual-active access or multi-active VXLAN gateway scenarios, pay attention to the following:
  • A CE6855HI, CE6856HI, or CE7855EI switch can perform exact matching on the MAC addresses of a maximum of 500 VBDIF interfaces. The switch routes the packets only when the destination MAC addresses in received IP packets match the MAC addresses of the VBDIF interfaces.
  • If more than 500 VBDIF interfaces have MAC addresses configured, the switch performs fuzzy matching on the MAC addresses. The switch routes the packets so long as the destination MAC addresses in received IP packets match the MAC address of any VBDIF interface.
  • When more than 500 VBDIF interfaces have MAC addresses configured, if the device connected to the switch runs the Virtual Router Redundancy Protocol (VRRP), the virtual VRRP MAC address of the device cannot be the same as the MAC address of any VBDIF interface on the switch.

Example

# Configure the MAC address 0009-0009-0009 for VBDIF 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] mac-address 0009-0009-0009

mac-address (NVE interface view)

Function

The mac-address command configures a MAC address for an NVE interface.

The undo mac-address command restores the default MAC address of an NVE interface.

By default, the MAC address of an NVE interface is the system MAC address.

Format

mac-address mac-address

undo mac-address

Parameters

Parameter Description Value
mac-address Specifies the MAC address of an NVE interface. The value is in the format of H-H-H. Each H is a 4-digit hexadecimal number, such as 00e0 or fc01. If you enter fewer than four digits, the system pads 0s before the input digits. For example, if you enter e0, 00e0 is displayed.
NOTE:

The CE6870EI and CE6880EI support the MAC addresses in the range of 0000-5e00-0100 to 0000-5e00-01ff, while the other models support any unicast MAC addresses.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When BGP EVPN is deployed between distributed VXLAN gateways, you need to configure the same VTEP MAC address for the two devices that provide dual-active VXLAN access. In this way, gateways on the VXLAN network can forward traffic properly.

Precautions

  • You can configure different MAC addresses for NVE interfaces on a dual-active VXLAN system consisting of 254 M-LAGs.
  • You can configure a MAC address for only one NVE interface on each device. The configured MAC address takes effect on all the NVEs.
  • When a standalone switch or stack functions as the VXLAN access device, you do not need to configure MAC addresses for NVE interfaces. When an M-LAG functions as the VXLAN access device, you need to configure the same MAC address for NVE interfaces on the M-LAG master and backup devices.
  • When VXLAN dual-active access is configured and the gateways work in loopback mode in a distributed gateway scenario, the NVE interfaces of different M-LAG systems on the network must be configured with different MAC addresses. For example, if devices A and B establish M-LAG system 1 and devices C and D establish M-LAG system 2, the NVE interfaces of M-LAG systems 1 and 2 must be configured with different MAC addresses.

Example

# Set the MAC address of an NVE interface to 0000-5e00-0101.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] mac-address 0000-5e00-0101

mac-address flapping detection exclude bridge-domain

Function

The mac-address flapping detection exclude bridge-domain command configures a VXLAN BD whitelist that does not require MAC address flapping detection.

The undo mac-address flapping detection exclude bridge-domain command deletes a VXLAN BD whitelist that does not require MAC address flapping detection.

By default, the system performs MAC address flapping detection in all VXLAN BDs.

Format

mac-address flapping detection exclude bridge-domain bd-id1 [ to bd-id2 ]

undo mac-address flapping detection exclude bridge-domain { bd-id1 [ to bd-id2 ] | all }

Parameters

Parameter Description Value
bd-id1 [ to bd-id2 ]
Specifies the VXLAN BD whitelist.
  • bd-id1 specifies the first BD ID.
  • bd-id2 specifies the last BD ID. bd-id2 must be greater than or equal to bd-id1. bd-id1 and bd-id2 specify a range of VXLAN BDs.

  • If you do not specify to bd-id2, only one VXLAN BD is specified.

The value is an integer ranging from 1 to 16777215.

all

Deletes all VXLAN BDs that do not require MAC address flapping detection.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, MAC address flapping detection is enabled globally. When a switch is connected to a load balancing server with dual network adapters, the server's MAC address may be learned by two interfaces on the switch. This is a normal situation where MAC address flapping detection is not required.

In this case, you can run the mac-address flapping detection exclude bridge-domain command to add the BD of the server to a whitelist that does not require MAC address flapping detection. If MAC address flapping occurs in this BD, the switch does not send a trap message or record this event.

Precautions

This function cannot be configured in an SVF system consisting of fixed switches that uses the distributed or hybrid forwarding mode.

Example

# Configure the switch not to perform MAC address flapping detection in BD 5 to BD 10.

<HUAWEI> system-view
[~HUAWEI] mac-address flapping detection exclude bridge-domain 5 to 10

mac-address learning disable (BD view)

Function

The mac-address learning disable command disables MAC address learning in a BD.

The undo mac-address learning disable command enables MAC address learning in a BD.

By default, MAC address learning is enabled in a BD.

NOTE:

Only the CE6855HI, CE6856HI, CE6870EI, CE6880EI, and CE7855EI support this command.

Format

mac-address learning disable

undo mac-address learning disable

Parameters

None.

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A VXLAN Layer 3 gateway does not need to learn packets' MAC addresses in a BD. In this case, you can disable MAC address learning in the BD to save MAC address entry resources.

When MAC address learning is enabled in a BD, the interface receiving an Ethernet frame records the source MAC address and the BD ID for which the frame is destined, and adds an entry to the MAC address table. When receiving other Ethernet frames destined for this MAC address, the switch forwards the frames to the corresponding BD based on the MAC address entry. This reduces broadcasts on a network.

After MAC address learning is disabled in the BD, the switch does not learn source MAC addresses of packets received by the BD.

Example

# Disable MAC address learning in BD 2.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 2
[*HUAWEI-bd2] mac-address learning disable

mac-address learning disable (NVE interface view)

Function

The mac-address learning disable command disables MAC address learning on a NVE interface.

The undo mac-address learning disable command enables MAC address learning on a NVE interface.

By default, MAC address learning is enabled on a NVE interface.

Format

mac-address learning disable

undo mac-address learning disable

Parameters

None

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

MAC address learning can be disabled on a NVE interface to save MAC address resources on a stable network.

After you run the mac-address learning disable command to disable MAC address learning on a NVE interface, the switch does not learn MAC addresses from the specified NVE interface any more.

Precautions

When the switch enabled with MAC address learning receives an Ethernet frame, it records the source MAC address and inbound interface of the Ethernet frame in a MAC address entry. When receiving other Ethernet frames destined for this MAC address, the switch forwards the frames through the corresponding outbound interface according to the MAC address entry. MAC address learning reduces broadcasts on a network.

Example

# Disable MAC address learning on a NVE interface.

<HUAWEI> system-view
[~HUAWEI] interface Nve 1 
[*HUAWEI-Nve1] mac-address learning disable

mac-address limit (BD view)

Function

The mac-address limit command configures a rule to limit the number of MAC addresses that can be learned.

The undo mac-address limit command deletes the current MAC address limiting rule.

By default, no MAC address limiting rule is configured.

NOTE:

Only the CE6855HI, CE6856HI, CE6870EI, CE6880EI, and CE7855EI support this command.

Format

mac-address limit { action { discard | forward } | maximum max | alarm { disable | enable } } *

undo mac-address limit [ action { discard | forward } | maximum max | alarm { disable | enable } ] *

Parameters

Parameter Description Value
action { discard | forward }
Indicates the action performed when the number of learned MAC addresses reaches the limit.
  • discard: When the number of learned MAC addresses reaches the limit, the switch discards the packets with new destination MAC addresses.
  • forward: When the number of learned MAC addresses reaches the limit, the switch forwards the packets with new destination MAC addresses but does not add the new MAC addresses to the MAC address table.

The default action is forward.

-
maximum max

Sets the maximum number of MAC addresses that can be learned.

The value is an integer that ranges from 0 to 32767.

When the value is 0, the number of learned MAC addresses is not limited.

alarm Indicates whether an alarm is generated when the number of learned MAC addresses reaches the limit. -
disable Indicates that no alarm is generated when the number of learned MAC addresses reaches the limit. -
enable Indicates that an alarm is generated when the number of learned MAC addresses reaches the limit. -

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An insecure network is subject to MAC address attacks. The capacity of a MAC address table is limited. Therefore, when hackers forge a large quantity of packets with different source MAC addresses and send the packets to a switch, the MAC address table of the switch may reach its full capacity. When the MAC address table is full, the switch cannot learn source MAC addresses of valid packets.

You can run the mac-address limit command to configure a MAC address limiting rule for controlling the access user quantity. To protect the network against MAC address attacks and improve network security, you can also configure the switch to discard packets when the number of learned MAC addresses reaches the limit.

Prerequisites

If MAC addresses have been learned by the switch, run the reset mac-address bridge-domain bd-id command to delete learned MAC addresses. Otherwise, the mac-address limit command cannot control the number of learned MAC addresses accurately.

Precautions

This command is invalid for packets forwarded at Layer 3.

Configuration Impact

The MAC address limiting rule applies to all MAC addresses, including trusted MAC addresses. If a user from an enterprise or a family uses bogus MAC addresses to attack the network, users in the enterprise or family are not allowed to access the network, but other users on the network are not affected.

Example

# Configure interfaces in a BD to learn a maximum of 1000 MAC addresses, forward excess packets with new MAC addresses, and send an alarm.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] mac-address limit action forward maximum 1000 alarm enable

mac-address limit (Layer 2 sub-interface view)

Function

The mac-address limit command configures a MAC address learning limit rule on a Layer 2 sub-interface.

The undo mac-address limit command deletes a MAC address learning limit rule on a Layer 2 sub-interface.

By default, no MAC address learning limit rule is configured on an interface.

Format

mac-address limit { action { discard | forward } | alarm { disable | enable } | maximum max } *

undo mac-address limit

Parameters

Parameter Description Value
action { discard | forward }
Specifies an action to be taken when the number of MAC address entries in the MAC address table reaches the limit:
  • discard: The packet with the source MAC address not contained in the MAC address table is discarded.
  • forward: The packet with the source MAC address not contained in the MAC address table is forwarded but its MAC address is not recorded.

By default, the system takes the discard action when the number of MAC address entries in the MAC address table reaches the limit.

NOTE:
CE6870EI does not support the parameter.
alarm { disable | enable }
Specifies whether an alarm is generated when the number of the MAC address entries in the MAC address table reaches the limit.
  • disable: No alarm is generated.
  • enable: An alarm is generated.

By default, an alarm is generated when the number of the MAC address entries in the MAC address table reaches the limit.

maximum max

Specifies the maximum number of MAC address entries that can be learned.

The value is a decimal integer ranging from 0 to 32767. When the value is 0, no limitation is set on the address learning number.

Views

Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The mac-address limit command limits the number of access users and prevents attacks to the MAC address tables. You can enable the function to improve network security.

Precautions

This command is invalid for packets forwarded at Layer 3.

Example

# Set the maximum number of MAC addresses that can be learned by 10GE1/0/2.1 to 30. Configure the device to generate an alarm when the number learned of MAC addresses reaches the limit.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/2.1 mode l2
[*HUAWEI-10GE1/0/2.1] mac-address limit alarm enable maximum 30

mac-address static bridge-domain

Function

The mac-address static bridge-domain command specifies a static MAC address used to forward packets in a bridge domain (BD).

The undo mac-address static bridge-domain command deletes a static MAC address used to forward packets in a bridge domain.

By default, no static MAC address entry is configured in a bridge domain.

Format

mac-address static mac-address interface-type interface-number.subnum bridge-domain bd-id

undo mac-address [ mac-address ] bridge-domain bd-id

undo mac-address static [ mac-address interface-type interface-number.subnum ] bridge-domain bd-id

Parameters

Parameter Description Value
mac-address Specifies a destination MAC address in a static MAC address entry. The value is in the format of H-H-H. Each H is a 4-bit hexadecimal number, such as 00e0 or fc01. If an H contains less than 4 bits, 0s are padded ahead. For example, an H is e0. It is displayed as 00e0 in the MAC address. The MAC address cannot be a broadcast MAC address (FFFF-FFFF-FFFF) or a multicast MAC address (the eighth bit is 1).
interface-type interface-number.subnum

Specifies the type and number of a Layer 2 sub-interface added to a bridge domain.

interface-type must be an Ethernet type.
bridge-domain bd-id

Specifies the ID of a bridge domain.

The value is an integer ranging from 1 to 16777215.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • MAC address table capacity attack

    An attacker sends packets with changing source MAC addresses to a device. Upon receipt, the device learns the MAC addresses and adds them to MAC address tables. After the number of learned MAC addresses in the MAC address table reaches the upper limit, the device cannot learn MAC addresses in valid packets. The attack packets are broadcast in a bridge domain, which consumes network bandwidth resources and burdens hosts attached to the device.

  • MAC address entry attack

    A device learns MAC addresses and adds MAC address entries to a MAC address table. The device cannot identify whether packets are from authorized users or hackers, which brings security threats. If hackers set the source MAC addresses of attack packets to the MAC addresses of authorized users and access a device through other interfaces, the device learns incorrect MAC address entries. As a result, the packets that should be forwarded to authorized users are forwarded to hackers.

To improve traffic security on an interface, you can run the mac-address static bridge-domain command to add a specified MAC address to a MAC address table so that a user device is bound to a device interface, which prevents hackers from obtaining user data.

Prerequisites

  • Static MAC addresses of the devices have been obtained on the network.
  • A Layer 2 sub-interface has been created and added to a BD, and encapsulation type has been specified for the sub-interface.

Precautions

Manually configured MAC address entries take precedence over dynamically generated entries. Static and blackhole MAC address entries can overwrite dynamic MAC address entries, but cannot be overwritten by dynamic MAC address entries.

The configured static MAC address entry cannot age. After a device receives a frame with the specified static MAC address, the device forwards the frame through the specified outbound interface. The configured static MAC address entry will not be lost even if the device is reset.

Example

# Enable a device to forward packets destined for MAC address 4-4-4 through outbound interface 10GE1/0/1.1 with dot1q encapsulation in bridge domain 10.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface 10ge 1/0/1.1 mode l2
[*HUAWEI-10GE1/0/1.1] bridge-domain 10
[*HUAWEI-10GE1/0/1.1] encapsulation dot1q vid 10
[*HUAWEI-10GE1/0/1.1] quit
[*HUAWEI] mac-address static 4-4-4 10ge 1/0/1.1 bridge-domain 10

mac-address static vni

Function

The mac-address static vni command configures a static MAC entry for a VXLAN tunnel.

The undo mac-address static vni command deletes a static MAC entry of a VXLAN tunnel.

By default, no static MAC entry is configured for any VXLAN tunnel.

Format

mac-address static mac-address bridge-domain bd-id source source-ip-address peer peer-ip vni vni-id

undo mac-address static mac-address bridge-domain bd-id [ source source-ip-address ] [ peer peer-ip ] [ vni vni-id ]

Parameters

Parameter Description Value
mac-address Specifies a destination MAC address. The value is a 12-digit hexadecimal number, in the format of H-H-H. Each H is 4 digits. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0.
bridge-domain bd-id Specifies a BD to which a VNI is to be mapped. The value is an integer ranging from 1 to 16777215.
source source-ip-address Specifies the IP address of a local VTEP. The value is in dotted decimal notation.
peer peer-ip Specifies the IP address of a remote VTEP. The value is in dotted decimal notation.
vni-id Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the source NVE on a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, the local VTEP sends a copy of the BUM packets to every VTEP in the ingress replication list with the same VNI. To reduce the volume of broadcast traffic, run the mac-address static vni command to configure a static MAC entry for forwarding traffic. This configuration also prevents unauthorized data access from bogus users, enhancing network security.

Prerequisites

VXLAN tunnels have been established.

Precautions

Before running the mac-address static vni command, the network administrator must know the MAC addresses of network devices that need static MAC entries for communication. If the configured static MAC entries are incorrect, communication may be interrupted for authorized users.

Example

# Configure a static MAC entry with the destination MAC address of aa-fcc-12 for a VXLAN tunnel.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] vxlan vni 5000
[*HUAWEI-bd10] quit
[*HUAWEI] interface nve 1
[*HUAWEI-Nve1] source 1.1.1.1
[*HUAWEI-Nve1] vni 5000 head-end peer-list 2.2.2.2
[*HUAWEI-Nve1] quit
[*HUAWEI] mac-address static aa-fcc-12 bridge-domain 10 source 1.1.1.1 peer 2.2.2.2 vni 5000

mac-limit (EVN BGP view)

Function

The mac-limit command limits the number of MAC advertisement routes received from a peer.

The undo mac-limit command restores the default configuration.

By default, the number of MAC advertisement routes received from a peer is not limited.

Format

mac-limit per-peer number [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

undo mac-limit per-peer

Parameters

Parameter Description Value
per-peer number Specifies the maximum number of MAC advertisement routes received from a peer. The value is an integer that ranges from 1 to 4294967295.
percentage Specifies the percentage of routes when the device starts to generate an alarm. When the number of MAC advertisement routes received from a peer exceeds (number × percentage) divided by 100, the device starts to generate an alarm. The value is an integer that ranges from 1 to 100. The default value is 75.
alert-only Indicates that the device only generates an alarm when the percentage of routes reaches the specified value and does not receive any routes. -
idle-forever Indicates that the connection is interrupted and will not be automatically re-established when the percentage of routes reaches the specified value. -
idle-timeout times Specifies a timer for automatically re-establishing a terminated connection when the percentage of routes reaches the specified value. No connection will be automatically re-established before the timer expires. The value is an integer that ranges from 1 to 1200, in minutes.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An EVN instance may import many unused MAC advertisement routes from some peers. It is recommended that you run this command when the number of received MAC advertisement routes from the peers occupies a large percentage of the total number of MAC advertisement routes on the device. After you run this command, the device generates an alarm when the number of received MAC advertisement routes from a peer exceeds the predefined value. The alarm alerts you to check validity of MAC advertisement routes received by the EVN instance.

Precautions

After the command is configured, an EVN instance may discard excess route prefixes.

If the number of MAC advertisement routes exceeds the predefined value, you can run the undo mac-limit per-peer command. The device then receives route prefixes from each PE device and adds them to the EVN BGP routing table.

Example

# Configure the device only to generate an alarm when the number of MAC advertisement routes exceeds 1000.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] mac-limit per-peer 1000 alert-only

mac-route no-advertise

Function

The mac-route no-advertise command disables local MAC routes from being advertised.

The undo mac-route no-advertise command cancels the configuration.

By default, local MAC routes can be advertised.

Format

mac-route no-advertise

undo mac-route no-advertise

Parameters

None

Views

BD-EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In VXLAN Layer 3 gateway scenarios where Layer 2 unicast traffic forwarding is not involved, to disable local MAC routes from being advertised, run the mac-route no-advertise command. This configuration prevents an EVPN peer gateway from receiving MAC routes, therefore saving memory resources.

Precautions

The mac-route no-advertise command disables MAC routes learned within BDs from being advertised based on VXLAN Network Identifiers (VNIs).

Example

# Disable local MAC routes from being advertised.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[~HUAWEI-bd10] vxlan vni 20
[~HUAWEI-bd10] evpn
[*HUAWEI-bd10-evpn] mac-route no-advertise

mode l3

Function

The mode l3 command configures a network virtualization edge (NVE) interface to work in Layer 3 mode.

The undo mode l3 command restores the default working mode of an NVE interface.

By default, an NVE interface works in Layer 2 mode.

NOTE:
CE6880EI does not support the command.

Format

mode l3

undo mode l3

Parameters

None

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a distributed VXLAN gateway scenario in which tenants are located on different networks, VXLAN tunnel information must be configured on NVE interfaces in Layer 3 mode. By default, an NVE interface works in Layer 2 mode. Before deploying a VXLAN tunnel, run the mode l3 command to configure an NVE interface to work in Layer 3 mode.

Precautions

Only one NVE interface on a device can work in Layer 3 mode.

Example

# Configure NVE1 to work in Layer 3 mode.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] mode l3

mtu (VBDIF interface view)

Function

The mtu command sets the maximum transmission unit (MTU) for a VBDIF interface.

The undo mtu command restores the MTU of a VBDIF interface to the default setting.

By default, the MTU is 1500 bytes.

Format

mtu mtu

undo mtu

Parameters

Parameter Description Value
mtu

Specifies the MTU of a VBDIF interface.

Generally, it is recommended that you adopt the default MTU value of 1500 bytes. Some protocols have requirements for the minimum packet size. If the MTU is set to a value smaller than the minimum packet size, the neighbor relationship of a specified protocol may fail to be established.

The value is an integer ranging from 46 to 9216, in bytes.

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Generally, the IP layer controls the maximum length of frames that are sent each time. Any time the IP layer receives an IP packet to be sent, it checks which local interface the packet needs to be sent to and queries the MTU of the interface. Then, the IP layer compares the MTU with the packet length to be sent. If the packet length is greater than the MTU, the IP layer fragments the packet to ensure that the length of each fragment is smaller or equal to the MTU.

If forcible unfragmentation is configured, certain packets are lost during data transmission at the IP layer. To ensure jumbo packets are not dropped during transmission, you need to configure forcible fragmentation. In this case, you can run the mtu command to set the size of a fragment.

Configuration Impact

If the MTU is set too small and the size of packets is quite large, packets are fragmented into a great number of fragments, and therefore are discarded by QoS queues.

Precautions

After using the mtu command to change the MTU of a VBDIF interface, you need to change the MTU of the peer VBDIF interface to ensure that the MTUs of both interfaces are the same. Otherwise, services may be interrupted.

For the CE6880EI, after the ip fragment enable command is run to enable the IPv4 packet fragmentation function and a Layer 3 main interface is created on the physical interface or Eth-Trunk of the Layer 2 sub-interface in the BD, the MTU of the Layer 3 main interface takes effect and the MTU of the corresponding VBDIF interface is no longer effective.

Example

# Set the MTU of a VBDIF interface to 1400.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] mtu 1400

peer advertise

Function

The peer advertise command configures a device to advertise ARP or integrated routing and bridging (IRB) routes to its BGP EVPN peers.

The undo peer advertise command restores the default configuration.

By default, a device cannot advertise ARP or IRB routes to its BGP EVPN peers.

Format

peer { ipv4-address | group-name } advertise { arp | irb }

undo peer { ipv4-address | group-name } advertise { arp | irb }

Parameters

Parameter Description Value
ipv4-address Specifies the IPv4 address of a BGP EVPN peer. The value is in dotted decimal notation.
group-name Specifies the name of a BGP EVPN peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
arp Configures a device to advertise ARP routes to its BGP EVPN peers. -
irb Configures a device to advertise IRB routes to its BGP EVPN peers. -

Views

BGP-EVPN address family view, BGP-EVPN multi-instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To allow a device to advertise ARP or IRB routes to its BGP EVPN peers, run the peer advertise command. This command allows VTEPs to establish VXLAN tunnels and implements ARP broadcast suppression on networks. If you specify irb, VTEPs can also transmit host routes.

Precautions

You cannot specify both arp and irb in the same BGP-EVPN address family view.

A segment VXLAN scenario for DCI supports only Layer 3 traffic forwarding, meaning that only the peer { ipv4-address | group-name } advertise irb command is required to advertise IRB routes.

Example

# Configure a device to advertise ARP routes to its BGP EVPN peers.

<HUAWEI> system-view
[~HUAWEI] bgp 100 
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] peer 1.1.1.1 advertise arp

peer advertise remote-nexthop

Function

The peer advertise remote-nexthop command configures a device to advertise the remote-nexthop attribute to an IBGP peer or a peer group.

The undo peer advertise remote-nexthop command restores the default configuration.

By default, a device does not advertise the remote-nexthop attribute to any IBGP peer or peer group.

Format

peer { group-name | ipv4-address } advertise remote-nexthop

undo peer { group-name | ipv4-address } advertise remote-nexthop

Parameters

Parameter Description Value
group-name Specifies the name of a peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
ipv4-address Specifies the IP address of an IBGP peer. The value is in dotted decimal notation.

Views

BGP-VPNv4 address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To configure a device to advertise the remote-nexthop attribute to an IBGP peer or a peer group, run the peer advertise remote-nexthop command. The attribute carries tunnel address, L3VPN VNI, and MAC address information. The information can be used to establish a Layer 3 VXLAN tunnel in a VXLAN distributed gateway scenario so that Layer 2 devices can communicate with each other.

On the network shown in Figure 13-4, server 1 and server 2 reside on different network segments. After an MP-IBGP connection is established between Switch 1 and Switch 3, between Switch 1 and Switch 4, between Switch 2 and Switch 3, and between Switch 2 and Switch 4, the peer advertise remote-nexthop command is run on the four devices. Then, they can obtain tunnel address, L3VPN VNI, and MAC address information and advertise the information to their IBGP peers. With the information, a Layer 3 VXLAN tunnel can be established for Layer 2 devices on different network segments to communicate with each other.

Figure 13-4  VXLAN distributed gateway

Prerequisites

VXLAN Layer 2 and Layer 3 networks have been configured. For configuration details, see VXLAN Configuration.

Example

# Configure a device to advertise the remote-nexthop attribute to an IBGP peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] ipv4-family vpnv4
[*HUAWEI-bgp-af-vpnv4] peer 1.1.1.1 advertise remote-nexthop

peer advertise route-reoriginated

Function

The peer advertise route-reoriginated command enables a device to re-encapsulate EVPN routes and then advertise them to BGP EVPN peers.

The undo peer advertise route-reoriginated command restores the default configuration.

By default, a device does not re-encapsulate EVPN routes or advertise regenerated EVPN routes to BGP EVPN peers.

Format

peer { ipv4-address | group-name } advertise route-reoriginated evpn { mac-ip | ip }

undo peer { ipv4-address | group-name } advertise route-reoriginated evpn { mac-ip | ip }

Parameters

Parameter Description Value
ipv4-address Specifies the IPv4 address of a BGP EVPN peer. The value is in dotted decimal notation.
group-name Specifies the name of a BGP EVPN peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
evpn Re-encapsulates the received EVPN routes. -
mac-ip Re-encapsulates the IRB or ARP routes in the received EVPN routes. -
ip Re-encapsulates the IP prefix routes in the received EVPN routes. -

Views

BGP-EVPN address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a segment VXLAN scenario for DCI, to allow VMs in different DCs to communicate with each other, run the peer advertise route-reoriginated command on a DC edge device connecting to a carrier backbone network. The edge device then re-encapsulates the EVPN routes received from one DC and sends them to BGP EVPN peers in another DC.

After receiving an EVPN route from a DC, an edge leaf node re-encapsulates the EVPN route as follows: Modifies the next hop address of the EVPN route as its own VTEP address, replaces the source MAC address (functioning as the gateway MAC address) of the host route contained in the EVPN route with its own MAC address, and replaces the L3VNI in the EVPN route with the L3VNI in the edge leaf's L3VPN instance.

Prerequisites

The device has been enabled to add a regeneration flag to the routes received from BGP EVPN peers using the peer { ipv4-address | group-name } import reoriginate command.

Precautions

A segment VXLAN scenario for DCI supports only Layer 3 traffic forwarding, meaning that only the peer { ipv4-address | group-name } advertise irb command is required to advertise IRB routes.

Example

# Enable a device to advertise regenerated IRB or ARP routes to a BGP EVPN peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] peer 1.1.1.1 advertise route-reoriginated evpn mac-ip

# Enable a device to advertise regenerated IP prefix routes to a BGP EVPN peer.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] peer 2.2.2.2 advertise route-reoriginated evpn ip

peer (EVN BGP view)

Function

The peer command creates an EVN BGP peer.

The undo peer command deletes an EVN BGP peer.

By default, no EVN BGP peer is created.

Format

peer ip-address

undo peer ip-address

Parameters

Parameter Description Value
ip-address Specifies the IP address of an EVN BGP peer. The value is in dotted decimal notation.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To advertise EVN routes between PE devices on an EVN network, run the peer ip-address command to create EVN BGP peers between two PE devices or between a PE device and a route reflector (RR).

Precautions

The ip-address parameter specifies the source IP address configured on a remote PE device using the source-address command.

Example

# Set the IP address of an EVN BGP peer to 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] peer 10.1.1.1

peer import reoriginate

Function

The peer import reoriginate command enables a device to add a regeneration flag to the routes received from BGP EVPN peers.

The undo peer import reoriginate command restores the default configuration.

By default, a device does not add a regeneration flag to the routes received from BGP EVPN peers.

Format

peer { ipv4-address | group-name } import reoriginate

undo peer { ipv4-address | group-name } import reoriginate

Parameters

Parameter Description Value
ipv4-address Specifies the IPv4 address of a BGP EVPN peer. The value is in dotted decimal notation.
group-name Specifies the name of a BGP EVPN peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

BGP-EVPN address family view

Default Level

2: Configuration level

Usage Guidelines

DCI enables inter-DC VM communication. It uses technologies, such as VXLAN and BGP EVPN, to securely and reliably transmit packets from DCs over carrier networks.

In a segment VXLAN scenario for DCI, an edge node that connects to a carrier network does not re-encapsulate the routes received from BGP EVPN peers, causing the EVPN routes to be terminated on the edge node. As a result, the EVPN routes from one DC cannot be advertised to the BGP EVPN peers of another DC. To address this problem, run the peer import reoriginate command to enable the edge node to add a regeneration flag to the routes received from BGP EVPN peers. The edge node then re-encapsulates the EVPN routes received from one DC before sending them to another DC for inter-DC VM communication.

Example

# Enable a device to add a regeneration flag to the routes received from BGP EVPN peers.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] peer 1.1.1.1 import reoriginate

peer mac-limit (BGP EVPN view)

Function

The peer mac-limit command configures the maximum number of MAC advertisement routes allowed to be received from a peer.

The undo peer mac-limit command restores the default configuration.

By default, the number of MAC advertisement routes allowed to be received from a peer is not limited.

Format

peer { group-name | ipv4-address } mac-limit number [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

undo peer { group-name | ipv4-address } mac-limit

Parameters

Parameter Description Value
group-name Specifies the name of a peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
ipv4-address Specifies the IPv4 address of a peer. The value is in dotted decimal notation.
number Specifies the maximum number of MAC advertisement routes allowed to be received from a peer. The value is an integer ranging from 1 to 4294967295.
percentage Specifies a percentage of MAC advertisement routes for the device to generate an alarm. If the number of MAC advertisement routes received from a peer exceeds (number × percentage)/100, the device generates an alarm. The value is an integer ranging from 1 to 100. The default value is 75.
alert-only Indicates that an alarm will be generated and additional routes will be denied if the maximum number of routes allowed have been received. -
idle-forever Indicates that a connection that is interrupted after the maximum number of routes allowed have been received cannot be automatically re-established. -
idle-timeout times Specifies a timer for re-establishing a connection if the connection is interrupted after the maximum number of routes allowed have been received. Before the timer expires, the system does not re-establish a connection. The value is an integer ranging from 1 to 1200, in minutes.

Views

BGP-EVPN address family view, BGP-EVPN multi-instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an EVPN instance may import many invalid MAC advertisement routes from peers and these routes occupy a large proportion of the total number of MAC advertisement routes, run the peer mac-limit command to configure the maximum number of MAC advertisement routes allowed to be received from each peer.

Configuration Impact

After this command is run, excess route prefixes of the EVPN instance may be discarded.

If the undo peer mac-limit command is run after the received MAC advertisement routes exceed the specified maximum number, the system receives route prefixes from PEs again to construct the BGP EVPN routing table.

Example

# Configure a device only to generate an alarm when more than 1000 MAC advertisement routes are received.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn]peer 2.2.2.2 mac-limit 1000 alert-only

peer next-hop-invariable (BGP-EVPN address family view)

Function

The peer next-hop-invariable command provides the following functions:
  • Allows a BGP EVPN speaker to keep the next hops of routes unchanged when the speaker advertises these routes to EBGP EVPN peers.

  • Allows a BGP EVPN speaker to apply the original next hops of locally imported routes when the speaker advertises these routes to IBGP EVPN peers.

The undo peer next-hop-invariable command restores the default configuration.

By default:
  • A BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish EBGP EVPN peer relationships before advertising these routes to EBGP EVPN peers.

  • A BGP EVPN speaker does not change the next hops of routes imported from EBGP EVPN when advertising these routes to IBGP EVPN peers.

  • An RR does not change the next hops of routes imported from IBGP EVPN when advertising these routes to IBGP EVPN peers.

  • A BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish IBGP EVPN peer relationships before advertising these routes to IBGP EVPN peers.

Format

peer { ipv4-address | group-name } next-hop-invariable

undo peer { ipv4-address | group-name } next-hop-invariable

Parameters

Parameter Description Value
ipv4-address Specifies the IPv4 address of a BGP EVPN peer. The value is in dotted decimal notation.
group-name Specifies the name of a BGP EVPN peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

BGP-EVPN address family view, BGP multi-instance EVPN address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When VTEPs are indirectly connected, run the peer next-hop-invariable command on a VTEP to configure it not to change the next hops of routes when advertising these routes to its BGP EVPN peers.

Example

# Configure a device not to change the next hops of routes when advertising these routes to its BGP EVPN peers.

<HUAWEI> system-view
[~HUAWEI] bgp 100 
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] peer 1.1.1.1 next-hop-invariable

peer reflect-client (EVN BGP view)

Function

The peer reflect-client command configures the local device as the route reflector (RR) and its peer as the client.

The undo peer reflect-client command cancels the configuration.

By default, the RR and its client are not configured.

Format

peer ipv4-address reflect-client

undo peer ipv4-address reflect-client

Parameters

Parameter Description Value
ipv4-address Specifies the IPv4 address of the peer. The value is in dotted decimal notation.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

On an EVN network, you need to create EVN BGP peers between two PE devices. If there are a large number of PE devices on the network, the number of EVN BGP peers is huge. Assume that there are n PE devices, the number of EVN BGP peers is n(n-1)/2. This consumes many network and CPU resources. Route reflection can be used to solve the problem.

Run the server enable or peer reflect-client command to configure one device on the EVN network as the RR. PE devices only need to establish EVN BGP peer relationships with the RR. The RR transmits or reflects routes among clients, but the clients do not need to establish EVN BGP peer relationships with each other. If there are n PE devices and one RR on the network, and all the PE devices are RR clients, the number of EVN BGP peers to be established is n. This reduces consumption of network and CPU resources.

Both the server enable and peer reflect-client commands can be used to configure an RR. Their differences are as follows:
  • server enable: dynamically configures an RR. All PE devices that have established peer relationships with the RR can become the RR clients after you run this command.

  • peer reflect-client: configures an RR statically. Only the specified peers can become the RR clients after you run this command. In addition, if you want to configure a PE device on the network as the RR, you must run the peer reflect-client command on the PE device.

Example

# Configure an EVN BGP peer as the client of the RR.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp]  peer 10.1.1.2 reflect-client

peer route-policy (BGP-EVPN address family view)

Function

The peer route-policy command specifies a routing policy for routes received from or to be advertised to a BGP EVPN peer or peer group.

The undo peer route-policy command deletes a specified routing policy.

By default, no routing policy is specified for routes received from or to be advertised to a specified BGP EVPN peer or peer group.

Format

peer { group-name | ipv4-address } route-policy route-policy-name { import | export }

undo peer { group-name | ipv4-address } route-policy route-policy-name { import | export }

Parameters

Parameter Description Value
group-name Specifies the name of a BGP EVPN peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
ipv4-address Specifies the IPv4 address of a BGP EVPN peer. The value is in dotted decimal notation.
route-policy-name Specifies the name of a routing policy. The name is a string of 1 to 200 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
import Applies the routing policy to routes received from a BGP EVPN peer or peer group. -
export Applies the routing policy to routes to be advertised to a BGP EVPN peer or peer group. -

Views

BGP-EVPN address family view, BGP-EVPN multi-instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To use a routing policy to filter routes received from or to be advertised to a specified BGP EVPN peer or peer group, run the peer route-policy command. This configuration helps manage routes and reduce required routing entries and system resources.

Prerequisites

BGP EVPN peers or peer groups have been configured to exchange EVPN routes using the peer { group-name | ipv4-address } enable command.

Configuration Impact

After a routing policy is specified for a BGP EVPN peer group, all members in the group use the routing policy.

Precautions

If the command specifies a routing policy that does not exist, use the route-policy command to create the routing policy.

Example

# Apply a routing policy named test-rp to routes received from the BGP EVPN peer at 1.1.1.9.

<HUAWEI> system-view
[~HUAWEI] bgp 100
[*HUAWEI-bgp] peer 1.1.1.9 as-number 200
[*HUAWEI-bgp] l2vpn-family evpn
[*HUAWEI-bgp-af-evpn] peer 1.1.1.9 enable
[*HUAWEI-bgp-af-evpn] peer 1.1.1.9 route-policy test-rp import

peer (all-active gateway view)

Function

The peer command configures an all-active gateway peer.

The undo peer command deletes an all-active gateway peer.

By default, no all-active gateway peer is configured.

Format

peer ip-address [ vpn-instance vpn-instance-name ]

undo peer [ ip-address [ vpn-instance [ vpn-instance-name ] ] ]

Parameters

Parameter

Description

Value

ip-address

Specifies the IP address of an all-active gateway peer.

The value is in dotted decimal notation, and a valid unicast address except 127.X.X.X.

vpn-instance vpn-instance-name

Specifies the name of a VPN instance.

The VPN instance must already exist.

Views

All-active gateway view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After you run the active-active-gateway command on a gateway to enter the all-active gateway view, you can run the peer command to specify IP addresses of all-active gateway peers. After you run the peer command on multiple all-active gateways, the all-active gateways can establish neighbor relationships.

Prerequisites
  • A VPN instance has been configured if you want to specify all-active gateway peers in a VPN instance.

  • There is a reachable route between the IP address of the all-active gateway peer specified by the peer command and the source address specified by the source ip command.

Precautions

You can specify a maximum of 15 IP addresses for all-active gateway peers in the all-active gateway view of a DFS group. The IP address of an all-active gateway peer cannot be the same as the IP address of the management interface on the local gateway.

Example

# Set the IP address of an all-active gateway peer in a DFS group to 10.2.2.2.

<HUAWEI> system-view
[~HUAWEI] dfs-group 1
[*HUAWEI-dfs-group-1] active-active-gateway
[*HUAWEI-dfs-group-1-active-active-gateway] peer 10.2.2.2

port nvo3 mode access

Function

The port nvo3 mode access command sets a port mode to VXLAN access, so that the port can send common IP packets with the destination UDP port number of VXLAN packets (defaults to 4789) to the VXLAN.

The undo port nvo3 mode access command restores the default port mode.

By default, the port mode is not set to VXLAN access, that is, the port cannot send common IP packets with the destination UDP port number of VXLAN packets (defaults to 4789) to the VXLAN.

NOTE:

The CE6870EI and CE6880EI do not support this command.

Format

port nvo3 mode access

undo port nvo3 mode access

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, a VXLAN network access device cannot encapsulate IP packets received from VMs using the VXLAN protocol to send them to the VXLAN. Usually, the packets carry the destination UDP port number of VXLAN packets (defaults to 4789). You can configure the port nvo3 mode access command on the ports connected to VMs to solve the problem.

Precautions

After the port nvo3 mode access command is configured on a port, the port cannot decapsulate received packets using the VXLAN protocol. Therefore, this command can only be used on ports connected to VMs.

Example

# Set the mode of 100GE1/0/1 to VXLAN access.

<HUAWEI> system-view
[~HUAWEI] interface 100ge 1/0/1
[*HUAWEI-100GE1/0/1] port nvo3 mode access

refresh bgp evpn

Function

The refresh bgp evpn command configures BGP EVPN soft reset to allow BGP EVPN connections to be softly reset.

Format

refresh bgp [ instance instance-name ] evpn { all | peer-address | group group-name } { export | import }

Parameters

Parameter Description Value
instance instance-name Specifies the name of a BGP instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
all Softly resets all BGP EVPN connections. -
peer-address Specifies a BGP EVPN peer IP address. The value is in dotted decimal notation.
group group-name Specifies the name of a peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
export Softly resets BGP EVPN connections in the outbound direction. -
import Softly resets BGP EVPN connections in the inbound direction. -

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To softly reset BGP EVPN connections, run the refresh bgp evpn command. BGP EVPN soft reset allows the system to refresh a BGP EVPN routing table without tearing down the BGP EVPN connections and to apply a new filtering policy.

Prerequisites

The route-refresh function has been enabled for BGP EVPN peers.

Example

# Softly reset all BGP EVPN connections in the inbound direction so that new configurations can take effect.

<HUAWEI> refresh bgp evpn all import

refresh evn bgp

Function

The refresh evn bgp command soft resets an EVN BGP connection.

Format

refresh evn bgp { all | ipv4-address } { export | import }

Parameters

Parameter Description Value
all Soft resets all the EVN BGP connections. -
ipv4-address Specifies the IP address of an EVN BGP peer. The value is in dotted decimal notation.
export Triggers soft reset in the outbound direction. -
import Triggers soft reset in the inbound direction. -

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run the refresh evn bgp command to soft reset an EVN BGP connection. EVN BGP soft reset can update the EVN BGP routing table without interrupting an EVN BGP connection and apply new filter policies.

Example

# Soft reset all EVN BGP connections in the inbound direction to make new configurations take effect.

<HUAWEI> refresh evn bgp all import

reset arp openflow

Function

The reset arp openflow command deletes a device's ARP entries that are generated based on an AC controller-delivered OpenFlow flow tables.

Format

reset arp openflow [ vni vni-id ip ip-address ]

Parameters

Parameter Description Value
vni vni-id Deletes ARP entries with a specified VNI.

The value is an integer ranging from 1 to 16000000.

ip ip-address Deletes an ARP entry with a specified IP address. The value is in dotted decimal notation.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an AC controller is unreachable or a VXLAN tunnel is deleted, the ARP entries that are generated based on the AC controller-delivered OpenFlow flow tables will unexpectedly remain. To delete these ARP entries, run the reset arp openflow command.

Precautions

After the reset arp openflow command is run, the ARP entries that are generated based on an AC controller-delivered OpenFlow flow tables are all deleted and cannot be restored. Therefore, exercise caution when running the reset arp openflow command.

Example

# Delete a device's ARP entries that are generated based on an AC controller-delivered OpenFlow flow tables.

<HUAWEI> reset arp openflow

reset arp packet statistics bridge-domain

Function

The reset arp packet statistics bridge-domain command clears statistics about ARP packets in a bridge domain (BD).

Format

reset arp packet statistics bridge-domain bd-id

Parameters

Parameter Description Value
bridge-domain bd-id Clears statistics about ARP packets in a BD with a specified ID. The value is an integer ranging from 1 to 16777215.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To collect correct ARP packet statistics within a specified period in a BD, run the reset arp packet statistics bridge-domain command to delete existing ARP packet statistics.

Precautions

After the reset arp packet statistics bridge-domain command is run, statistics about the ARP packets sent and received in the BD will be cleared and cannot be restored. Exercise caution when running this command.

Example

# Clear statistics about ARP packets in BD 10.

<HUAWEI> reset arp packet statistics bridge-domain 10

reset bridge-domain statistics

Function

The reset bridge-domain statistics command clears traffic statistics of a BD.

Format

reset bridge-domain bd-id statistics

Parameters

Parameter Description Value
bd-id Clears traffic statistics of a specified bridge domain ID. The value is an integer ranging from 1 to 16777215.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before you collect traffic statistics within a specified period for a BD, run the reset bridge-domain statistics command to clear existing statistics so that traffic statistics can be collected again, ensuring that the statistics are correct.

Prerequisites

A BD has been created using the bridge-domain bd-id command in the system view.

Precautions

Traffic statistics of a BD are cleared and cannot be restored. Exercise caution when running the reset bridge-domain statistics command.

Example

# Clear traffic statistics of BD 10.

<HUAWEI> reset bridge-domain 10 statistics

reset bgp evpn

Function

The reset bgp evpn command resets a specified or all BGP EVPN connections.

Format

reset bgp [ instance instance-name ] evpn { all | as-number-plain | as-number-dot | ipv4-address | group group-name }

Parameters

Parameter Description Value
instance instance-name Specifies the name of a BGP instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
all Resets all BGP EVPN connections. -
as-number-plain Specifies an integral AS number. The value is an integer ranging from 1 to 4294967295.
as-number-dot Specifies an AS number in dotted notation. The value is in the format of x.y, where x and y are integers ranging from 1 to 65535 and from 0 to 65535, respectively.
ipv4-address Specifies a BGP EVPN peer IP address. The value is in dotted decimal notation.
group group-name Resets BGP connections of the specified peer group. The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To reset all BGP EVPN connections, run the reset bgp evpn all command.

Configuration Impact

This command resets all TCP connections established between BGP EVPN peers and therefore results in the re-establishment of BGP EVPN peer relationships. Exercise caution when running this command.

Example

# Reset all BGP EVPN connections.

<HUAWEI> reset bgp evpn all

reset evn bgp

Function

The reset evn bgp command resets a specified EVN BGP connection.

Format

reset evn bgp { all | ipv4-address }

Parameters

Parameter Description Value
all Resets all the EVN BGP connections. -
ipv4-address Resets the connection with the specified EVN BGP peer. The value is in dotted decimal notation.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After modifying an ESI, you must run the reset evn bgp command to make the new ESI value take effect.

You can run the reset evn bgp all command to reset all connections.

Precautions

After you run this command, all TCP connections established through EVN BGP are reset and EVN BGP peer relationships are re-established. Exercise caution when you run this command.

Example

# Reset all EVN BGP connections.

<HUAWEI> reset evn bgp all

reset mac-address bridge-domain

Function

The reset mac-address bridge-domain command deletes dynamically learned MAC address entries in a bridge domain (BD).

Format

reset mac-address bridge-domain bd-id

Parameters

Parameter Description Value
bd-id Deletes MAC address entries with a specified bridge domain ID. The value is an integer ranging from 1 to 16777215.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To delete dynamically learned MAC address entries (entries to be deserted, for example) in a BD, run the reset mac-address bridge-domain command.

Prerequisites

A BD has been created using the bridge-domain bd-id command in the system view.

Precautions

After the reset mac-address bridge-domain command is run, the dynamically learned MAC address entries are deleted and cannot be restored. Exercise caution when running the command.

Currently, you can only delete VXLAN MAC address entries by the BD.

Example

# Delete MAC address entries in a specified BD 10.

<HUAWEI> reset mac-address bridge-domain 10

reset vxlan statistics

Function

The reset vxlan statistics command clears VXLAN tunnel packet statistics.

Format

reset vxlan statistics source source-ip-address peer peer-ip-address [ vni vni-id ]

Parameters

Parameter Description Value
source source-ip-address Specifies the IP address of the source VTEP. The value is in dotted decimal notation.
peer peer-ip-address Specifies the IP address of the remote VTEP. The value is in dotted decimal notation.
vni vni-id Specifies the VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To analyze VXLAN tunnel packet statistics in a period, run the reset vxlan statistics command to clear existing statistics on the device and then run the display vxlan statistics command in a period of time to view the statistics.

Precautions

Cleared VXLAN packet statistics cannot be restored. Exercise caution when you run the command.

Example

# Clear VXLAN tunnel packet statistics, where the IP addresses of the source and remote VTEPs are 10.10.1.1 and 10.1.1.1 respectively and the VNI ID is 10000.

<HUAWEI> reset vxlan statistics source 10.10.1.1 peer 10.1.1.1 vni 10000

rewrite pop double

Function

The rewrite pop double command enables a Layer 2 sub-interface with the encapsulation type being QinQ to remove double VLAN tags from received packets.

The undo rewrite command disables a Layer 2 sub-interface with the encapsulation type being QinQ from removing double VLAN tags from received packets.

By default, a Layer 2 sub-interface with the encapsulation type being QinQ is enabled to transparently transmit received packets.

Format

rewrite pop double

undo rewrite [ pop double ]

Parameters

Parameter Description Value
pop

Removes VLAN tags from received packets.

-
double

Removes double VLAN tags from received packets.

-

Views

Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a Layer 2 sub-interface with the encapsulation type being QinQ is configured as a VXLAN service access point on a VXLAN, to enable the sub-interface to remove double VLAN tags from received packets, run the rewrite pop double command.

Prerequisites

The following conditions have been met:
  • The Layer 2 sub-interface is not added to a bridge domain.

Configuration Impact

After the rewrite pop double command is run, the sub-interface processes packets as follows:
  • Removes tags from received packets before forwarding them at Layer 2.
  • Adds VLAN information into packets before forwarding them at Layer 2.

Example

# Enable 10GE 1/0/1.1 to remove double tags from received packets.

<HUAWEI> system-view
[~HUAWEI] interface 10GE 1/0/1.1 mode l2
[*HUAWEI-10GE1/0/1.1] rewrite pop double

route-distinguisher (BD-EVPN instance view)

Function

The route-distinguisher command configures a route distinguisher (RD) for a BD EVPN instance.

The undo route-distinguisher command deletes the RD of a BD EVPN instance.

By default, no RD is configured for BD EVPN instances.

Format

route-distinguisher route-distinguisher

undo route-distinguisher route-distinguisher

route-distinguisher auto

undo route-distinguisher auto

Parameters

Parameter Description Value
route-distinguisher Specifies an RD to be configured for a BD EVPN instance. The format of an RD can be as follows:
  • 2-byte AS number:4-byte user-defined number, for example, 1:3. An AS number is an integer ranging from 0 to 65535, and a user-defined number is an integer ranging from 0 to 4294967295. The AS and user-defined numbers cannot be both 0s. This means that an RD cannot be 0:0.

  • Integral 4-byte AS number:2-byte user-defined number, for example, 65537:3. An AS number is an integer ranging from 65536 to 4294967295, and a user-defined number is an integer ranging from 0 to 65535.

  • 4-byte AS number in dotted notation:2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers ranging from 0 to 65535. A user-defined number is an integer ranging from 0 to 65535. The AS and user-defined numbers cannot be both 0s. This means that an RD cannot be 0.0:0.

  • 32-bit IP address:2-byte user-defined number. For example, 192.168.122.15:1. An IP address ranges from 0.0.0.0 to 255.255.255.255, and a user-defined number is an integer ranging from 0 to 65535.

auto Specifies the RD that is automatically generated. -

Views

BD-EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating an EVPN instance in a BD view, run the route-distinguisher command to configure an RD for the BD EVPN instance.

Different EVPN instances may have the same route prefix. To allow a peer PE to determine to which EVPN instance a received route belongs, run the route-distinguisher command to configure an RD for the EVPN instance on the local PE. The local PE then adds the RD to the route prefix to be sent to the peer PE, and the route prefix becomes a globally unique EVPN route.

Prerequisites

An EVPN instance has been created using the evpn command in the BD view.

Precautions

Running the undo route-distinguisher command in the BD-EVPN instance view causes EVPN-related configurations to be deleted.

Example

# Configure an RD 22:1 for EVPN instance in BD 11.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 11
[*HUAWEI-bd11] evpn
[*HUAWEI-bd11-evpn] route-distinguisher 22:1

server enable

Function

The server enable command configures the local device as the router reflector (RR) on the EVN network.

The undo server enable command disables the RR function on a device.

By default, no RR is configured.

Format

server enable

undo server enable

Parameters

None

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On an EVN network, you need to create EVN BGP peers between two PE devices. If there are a large number of PE devices on the network, the number of EVN BGP peers is huge. Assume that there are n PE devices, the number of EVN BGP peers is n(n-1)/2. This consumes many network and CPU resources. Route reflection can be used to solve the problem.

Run the server enable or peer reflect-client command to configure one device on the EVN network as the RR. PE devices only need to establish EVN BGP peer relationships with the RR. The RR transmits or reflects routes among clients, but the clients do not need to establish EVN BGP peer relationships with each other. If there are n PE devices and one RR on the network, and all the PE devices are RR clients, the number of EVN BGP peers to be established is n. This reduces consumption of network and CPU resources.

Both the server enable and peer reflect-client commands can be used to configure an RR. Their differences are as follows:
  • server enable: dynamically configures an RR. All PE devices that have established peer relationships with the RR can become the RR clients after you run this command.

  • peer reflect-client: configures an RR statically. Only the specified peers can become the RR clients after you run this command. In addition, if you want to configure a PE device on the network as the RR, you must run the peer reflect-client command on the PE device.

Precautions

The peer and server enable commands are exclusive to each other. If you run the peer command to specify a PE device as an EVN BGP peer, you cannot run the server enable command to configure the PE device as the RR.

Example

# Configure the local device as the RR on the EVN network.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] server enable
Related Topics

snmp-agent trap enable feature-name nvo3

Function

The snmp-agent trap enable feature-name nvo3 command enables the trap function for the Virtual eXtensible Local Area Network (VXLAN) module.

The undo snmp-agent trap enable feature-name nvo3 command disables the trap function for the VXLAN module.

By default, the trap function is disabled for the VXLAN module.

Format

snmp-agent trap enable feature-name nvo3 [ trap-name { hwnvo3vxlantnldown | hwnvo3vxlantnlup } ]

undo snmp-agent trap enable feature-name nvo3 [ trap-name { hwnvo3vxlantnldown | hwnvo3vxlantnlup } ]

Parameters

Parameter Description Value
trap-name Enables the trap function of VXLAN events of specified types. -
hwnvo3vxlantnldown Enables the device to send a trap message when the VXLAN tunnel went down. -
hwnvo3vxlantnlup Enables the device to send a trap message when the VXLAN tunnel went up. -

Views

System view

Default Level

3: Management level

Usage Guidelines

To enable the trap function of one event, specify trap-name.

Example

# Enable the device to send a trap message when the VXLAN tunnel went up.

<HUAWEI> system-view
[~HUAWEI] snmp-agent trap enable feature-name nvo3 trap-name hwnvo3vxlantnlup

snmp-agent trap enable feature-name vstm

Function

The snmp-agent trap enable feature-name vstm command enables the alarm function for the VXLAN VSI and VSI Type Management (VSTM) module.

The undo snmp-agent trap enable feature-name vstm command disables the alarm function of the VXLAN VSTM module.

By default, the alarm function of the VXLAN VSTM module is enabled.

Format

snmp-agent trap enable feature-name vstm [ trap-name { hwethernetarphostipconflict | hwethernetarphostipconflictresume } ]

undo snmp-agent trap enable feature-name vstm [ trap-name { hwethernetarphostipconflict | hwethernetarphostipconflictresume } ]

Parameters

Parameter Description Value
trap-name Indicates the alarm function for a specific type of event of the VXLAN VSTM module. -
hwethernetarphostipconflict Configures a device to generate an alarm if detecting an IP address conflict of terminal users. -
hwethernetarphostipconflictresume Configures a device to generate a clear alarm if the IP address conflict is removed. -

Views

System view

Default Level

3: Management level

Usage Guidelines

To enable the alarm function for the VXLAN VSTM module, run the snmp-agent trap enable feature-name vstm command. If you only want to enable the alarm function for a specific type of event, configure trap-name.

Example

# Configure the alarm function for IP address conflicts of terminal users.

<HUAWEI> system-view
[~HUAWEI] snmp-agent trap enable feature-name vstm trap-name hwethernetarphostipconflict

source (NVE interface view)

Function

The source command configures an IP address for a source VXLAN tunnel endpoint (VTEP).

The undo source command deletes the IP address of a source VTEP.

By default, no IP address is configured for any source VTEP.

Format

source ip-address

undo source [ ip-address ]

Parameters

Parameter Description Value
ip-address Specifies an IP address for a source VTEP. The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A VTEP is a VXLAN tunnel endpoint that encapsulates or decapsulates VXLAN packets. It is represented by a network virtualization edge (NVE).

To configure an IP address for a source VTEP, run the source command. In VXLAN packets, the source IP address is the source VTEP's IP address, and the destination IP address is a remote VTEP's IP address. This pair of VTEP addresses corresponds to a VXLAN tunnel.

Precautions

Either a physical interface's IP address or loopback interface address can be specified for a source VTEP. Using the loopback interface address as the source VTEP's IP address is recommended.

Generally, you need to configure different VTEP IP addresses for the NVE interfaces of different devices; otherwise, traffic forwarding error may occur. However, in some special scenarios (for example, an M-LAG-enabled dual-active VXLAN access scenario or a multi-active VXLAN gateways scenario), you need to configure the same VTEP IP address for the gateways' NVE interfaces.

In large ARP table mode, you can only specify the IP address of a loopback interface on the device as the source VTEP IP address of the NVE interface.

For the CE6880EI, only the IP address of a loopback interface can be configured as the source VTEP IP address of an NVE interface.

Example

# Configure the IP address 1.1.1.1 for a source VTEP.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] source 1.1.1.1

source-address (EVN BGP view)

Function

The source-address command configures a source address for an EVN BGP peer.

The undo source-address command deletes a source address of an EVN BGP peer.

By default, no source address is configured for an EVN BGP peer.

Format

source-address ip-address

undo source-address [ ip-address ]

Parameters

Parameter Description Value
ip-address Specifies the source address of an EVN BGP peer. The value is in dotted decimal notation.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

You can run the source-address command to configure a source address for an EVN BGP peer. The address can be used to generate the router ID, next-hop address, and EVN instance RD.

Example

# Set the source address of an EVN BGP peer to 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] source-address 10.1.1.1

statistics enable (BD view)

Function

The statistics enable command enables traffic statistics collection for a bridge domain (BD).

The undo statistics enable command disables traffic statistics collection in a BD.

By default, traffic statistics collection is disabled in BDs.

Format

statistics enable

undo statistics enable

Parameters

None

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, traffic statistics collection is disabled in BDs. Before you run the display bridge-domain statistics command to view traffic statistics for fault locating, run the statistics enable command in the BD view to enable traffic statistics collection. If traffic statistics collection is not enabled for a BD, you cannot obtain the traffic statistics in the BD.

Precautions

  • After traffic statistics collection is enabled for a BD, the device counts every packet received in the BD. If a large number of packets pass through the BD, the device counts all these packets and subsequently stores large amounts of statistics, causing device operation performance to deteriorate.

  • If traffic statistics collection is not needed in a BD, run the undo statistics enable command to disable the function.

  • On the CE6870EI, outbound traffic statistics collection is invalid for Layer 3 packets.

  • A CE6855HI, CE6856HI, or CE7855EI switch that functions as a decapsulation device on a VXLAN tunnel cannot collect BD-based traffic statistics on decapsulated ARP unicast packets. To query ARP packet statistics, run the display arp packet statistics [ interface [ interface-type interface-number ] ] command.
  • If a message indicating that the service fails to be delivered because of insufficient resources is displayed on the switch when this function is configured, you are advised to configure MQC-based traffic statistics collection.

Follow-up Procedure

Run the display bridge-domain statistics command to view traffic statistics in the BD. The command output helps locate faults.

Example

# Enable traffic statistics collection for BD 10.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] statistics enable

timer (EVN BGP view)

Function

The timer command sets the Keepalive time and holdtime of EVN BGP peers.

The undo timer command restores the default Keepalive time and holdtime for EVN BGP peers.

By default, the Keepalive time is 60s and the holdtime is 180s.

Format

timer keepalive keepalive-time hold hold-time

undo timer keepalive hold

undo timer keepalive keepalive-time hold hold-time

Parameters

Parameter Description Value
keepalive keepalive-time Specifies the Keepalive time. The value is an integer that ranges from 0 to 21845, in seconds.
hold hold-time Specifies the holdtime. The value is an integer that ranges from 3 to 65535 or 0, in seconds.

Views

EVN BGP view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After establishing an EVN BGP connection, two peers send Keepalive messages periodically to each other to maintain validity of the BGP connection. If the local device does not receive any Keepalive message or any other types of packets from the peer within the holdtime, the device considers the EVN BGP connection interrupted and closes the EVN BGP connection. The values of EVN BGP Keepalive and Hold timers determine the speed at which BGP detects network faults. You can adjust the timer values to improve network performance.
  • If short Keepalive time and holdtime are set, EVN BGP can detect a link fault quickly. This speeds up EVN BGP network convergence, but increases the number of Keepalive messages on the network and loads of devices, and consumes more network bandwidth resources.

  • If long Keepalive time and holdtime are set, the number of Keepalive messages on the network is reduced. This reduces loads of devices. If the Keepalive time is too long, EVN BGP is unable to detect link status changes in a timely manner. This prolongs BGP network convergence and may cause many packets to be lost.

After a connection is established between EVN BGP peers, the keepalive-time and hold-time values are negotiated by the peers.
  • The smaller of the hold-time values carried in Open messages of both peers is taken as the hold-time value.

  • The smaller of one third of the hold-time value and the locally configured keepalive-time value is taken as the keepalive-time value.

Precautions

If the value of a timer changes, the peers need to re-negotiate the keepalive-time and hold-time values. As a result, the EVN BGP peer relationship is disconnected. Therefore, exercise caution before changing the value of a timer.

It is recommended that you set the holdtime value to at least three times the Keepalive time value. When setting the values of keepalive-time and hold-time, pay attention to the following points:
  • The values of keepalive-time and hold-time cannot be both 0. If they are both 0, the BGP timers do not take effect. This means that BGP cannot detect link faults using the timers.

  • The hold-time value cannot be significantly greater than the keepalive-time value. For example, timer keepalive 1 hold 65535 is improper. If the hold-time value is too large, BGP cannot detect link faults in time.

Example

# Set the Keepalive time to 30s and the holdtime to 90s.

<HUAWEI> system-view
[~HUAWEI] evn bgp
[*HUAWEI-evnbgp] timer keepalive 30 hold 90

udp port

Function

The udp port command specifies a UDP port number for a DFS group.

The undo udp port command restores the default port number of the DFS group.

By default, the UDP port number of the DFS group is 61467.

Format

udp port port-number

undo udp port [ port-number ]

Parameters

Parameter

Description

Value

port-number

Specifies the UDP port number of the DFS group.

The value is an integer that ranges from 1025 to 65535.

Views

DFS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After all-active gateways on a VXLAN network establish neighbor relationships, they periodically send heartbeat packets to synchronize ARP entries. You can run this command to specify the source and destination UDP port numbers for heartbeat packets, which are UDP packets.

Precautions

  • Do not specify the UDP port numbers that are used by FTP and HTTP.

  • You are advised to run this command to change the UDP port number only when a UDP port conflict occurs.

  • Ensure that the UDP port numbers of the all-active gateway peers are the same.

Example

# Set the UDP port number of DFS group 1 to 2000.

<HUAWEI> system-view
[~HUAWEI] dfs-group 1 
[*HUAWEI-dfs-group-1] udp port 2000

vni (NVE interface view)

Function

The vni command configures a VXLAN network identifier (VNI) for a NVE interface.

The undo vni command deletes the VNI for a NVE interface, and deletes all configurations for the same VNI on the current NVE interface.

By default, no VNI is configured for a NVE interface.

Format

vni vni-id

undo vni vni-id

Parameters

Parameter Description Value
vni-id Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

VNIs are similar to VLAN IDs. VXLAN uses VNIs to differentiate VXLAN segments and identify tenants. A VNI identifies only one tenant. Even if multiple terminal users belong to the same VNI, they are considered one tenant. Run this command to configure a VNI for a NVE interface

Precautions

If other configurations are performed for the same VNI on the current NVE interface, the command configuration will be overwritten.

Example

# Configures a VNI for a NVE interface.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] vni 10

vni flood-vtep

Function

The vni flood-vtep command configures a centralized replication list for a VNI.

The undo vni flood-vtep command deletes a centralized replication list from a VNI.

By default, no centralized replication list is configured.

Format

vni vni-id flood-vtep ip-address &<1-10>

undo vni vni-id flood-vtep ip-address &<1-10>

Parameters

Parameter Description Value
vni-id Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

ip-address Specifies an IP address in the centralized replication list.

A VNI can configure a maximum of 16 IP address.

The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN segment, run the vni flood-vtep command to configure a centralized replication list that contains the IP addresses of those remote VTEPs. Among the remote VTEP IP addresses, only one is in the working state, and others are in the backup state. After the source NVE receives broadcast, unknown unicast, and multicast (BUM) packets, the local VTEP sends a copy of the BUM packets to a replicator. The replicator then sends the BUM packets to other VTEPs with the same VNI except for the source VTEP.

If BFD detects that the master VTEP is unavailable, it re-selects an available backup VTEP to function as the centralized replicator.

Precautions

Centralized replication takes precedence over ingress replication. If both the vni flood-vtep and vni head-end peer-list commands are run on a device, VXLAN tunnels use the centralized replication mode for packet forwarding.

Example

# Configure a centralized replication list for VNI 1 with VTEP address 1.1.1.1 contained in the list.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] vni 1 flood-vtep 1.1.1.1

vni head-end peer-list

Function

The vni head-end peer-list command configures an ingress replication list that contains the IP addresses of those remote VTEPs for a VXLAN network identifier (VNI).

The undo vni head-end peer-list command deletes the ingress replication list of a VNI.

By default, no ingress replication list is configured for any VNI.

Format

vni vni-id head-end peer-list ip-address &<1-10>

undo vni vni-id [ head-end peer-list ip-address &<1-10> ]

vni vni-id head-end peer-list protocol bgp

undo vni vni-id head-end peer-list protocol bgp

Parameters

Parameter Description Value
vni-id Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

ip-address Specifies the IP address of a remote VXLAN tunnel endpoint (VTEP). The value is in dotted decimal notation.
protocol bgp Specifies BGP for establishing Layer 2 VXLAN tunnels. -

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets to.

If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN segment, run the vni head-end peer-list command to configure an ingress replication list that contains the IP addresses of those remote VTEPs. After the source NVE receives BUM packets, the local VTEP sends a copy of the BUM packets to every VTEP in the list.

To use BGP to dynamically establish Layer 2 VXLAN tunnels, run the vni vni-id head-end peer-list protocol bgp command.

Configuration Impact

Ingress replication allows BUM packets to be transmitted in broadcast mode, independent of multicast routing protocols.

Precautions

Even if a source VTEP connects only to one remote VTEP, you still need to run the vni head-end peer-list command to configure an ingress replication list with the remote VTEP's IP address specified.

Example

# Configure an ingress replication list for VNI5010, with the remote VTEPs' IP addresses being 2.2.2.2 and 3.3.3.3.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] vni 5010 head-end peer-list 2.2.2.2 3.3.3.3
# Configure BGP to dynamically establish Layer 2 VXLAN tunnels.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] vni 5010 head-end peer-list protocol bgp

vpn-target (BD-EVPN instance view)

Function

The vpn-target command configures VPN targets for a BD EVPN instance.

The undo vpn-target command deletes the VPN targets of a BD EVPN instance.

By default, no VPN target is configured for BD EVPN instances.

Format

vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

undo vpn-target { all | vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] }

vpn-target auto [ both | export-extcommunity | import-extcommunity ]

undo vpn-target auto [ both | export-extcommunity | import-extcommunity ]

Parameters

Parameter Description Value
vpn-target Specifies a VPN target to be configured for a BD EVPN instance. The format of a VPN target can be as follows:
  • 2-byte AS number:4-byte user-defined number, for example, 1:3. An AS number is an integer ranging from 0 to 65535, and a user-defined number is an integer ranging from 0 to 4294967295. The AS and user-defined numbers cannot be both 0s. This means that a VPN target cannot be 0:0.

  • Integral 4-byte AS number:2-byte user-defined number, for example, 65537:3. An AS number is an integer ranging from 65536 to 4294967295, and a user-defined number is an integer ranging from 0 to 65535.

  • 4-byte AS number in dotted notation:2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers ranging from 0 to 65535. A user-defined number is an integer ranging from 0 to 65535. The AS and user-defined numbers cannot be both 0s. This means that a VPN target cannot be 0.0:0.

  • 32-bit IP address:2-byte user-defined number. For example, 192.168.122.15:1. An IP address ranges from 0.0.0.0 to 255.255.255.255, and a user-defined number is an integer ranging from 0 to 65535.

-
both Adds a VPN target to both the import and export VPN target lists of a BD EVPN instance. If none of both, export-extcommunity, and import-extcommunity is specified in the vpn-target command, the configured VPN target is added to both the import and export VPN target lists by default. -
export-extcommunity Adds a VPN target to the export VPN target list of a BD EVPN instance. -
import-extcommunity Adds a VPN target to the import VPN target list of a BD EVPN instance. -
all Deletes all the VPN targets of a BD EVPN instance. -
auto Specifies the VPN target that is automatically generated. -

Views

BD-EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a local PE advertises EVPN routes to peer PEs, the EVPN routes carry all the export VPN targets of the local EVPN instance. A peer PE installs a received EVPN route to its EVPN routing table only when the route's export VPN target is identical with the import VPN target in the PE's EVPN instance. To configure VPN targets for a BD EVPN instance, run the vpn-target command.

NOTE:

A maximum of eight VPN targets can be specified in the vpn-target command. If you want to configure more VPN targets in an EVPN instance, run the vpn-target command more than once.

Prerequisites

An RD has been configured for the BD EVPN instance using the route-distinguisher command.

Configuration Impact

If the vpn-target command is not run, a PE does not install received EVPN routes into its EVPN routing table.

If all the VPN targets of an EVPN instance are deleted using the undo vpn-target command, all routes learned by the EVPN instance from other VPN instances will be deleted.

Example

# Add 5:5 to both the export and import VPN target lists of an EVPN instance in BD 11.

<HUAWEI> system-view
[~HUAWEI] bridge-domain 11
[*HUAWEI-bd11] evpn
[*HUAWEI-bd11-evpn] route-distinguisher 22:1
[*HUAWEI-bd11-evpn] vpn-target 5:5 both

vxlan anycast-gateway enable

Function

The vxlan anycast-gateway enable command enables distributed gateway.

The undo vxlan anycast-gateway enable command disables distributed gateway.

By default, distributed gateway is disabled.

Format

vxlan anycast-gateway enable

undo vxlan anycast-gateway enable

Parameters

None

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To enable distributed gateway on a VBDIF interface and allow the gateway to learn only user-side ARP, ND, or DHCP packets, run the vxlan anycast-gateway enable command. After distributed gateway is enabled, the gateway:
  • Processes only received user-side ARP, ND, or DHCP packets and generates host routes accordingly.

  • Deletes network-side ARP, ND, or DHCP entries already learned and deletes the corresponding host routes.

Configuration Impact

After distributed gateway is enabled:
  • VXLAN tunnel-side static ARP, ND, or DHCP entries cannot be configured on the gateway.
  • If distributed gateways have the same IP address, they do not report ARP, ND, or DHCP conflicts.
  • If ARP proxy is not enabled but the network-side devices and user-side hosts have the same IP address, the gateways do not report IP address conflict alarms.

Precautions

The vxlan anycast-gateway enable command is exclusive with the arp distribute-gateway enable command.

Example

# Enable distributed gateway on VBDIF 10.
<HUAWEI> system-view
[~HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] vxlan anycast-gateway enable

vxlan path detection enable

Function

The vxlan path detection enable command enables the VXLAN path detection function.

The undo vxlan path detection enable command disables the VXLAN path detection function.

By default, the VXLAN path detection function is disabled.

NOTE:
CE6880EI switches do not support the command.

Format

vxlan path detection enable

undo vxlan path detection enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After you run this command to enable the VXLAN path detection function, the controller can send detection packets to detect the path between two VTEP nodes or two VMs on the network, helping the network administrator locate faulty paths.

Precautions

  • In an SVF system, the VXLAN path detection function for VMs is supported only when VMs connect to the VXLAN through VLANs.
  • The vxlan path detection enable command is mutually exclusive with the ip path detection enable command.
  • VXLAN path detection packets are not terminated by the switch, but are forwarded to the destination server or VM.
  • VXLAN path detection can detect Layer 2 forwarding packets only.

Example

# Enable the VXLAN path detection function.

<HUAWEI> system-view
[~HUAWEI] vxlan path detection enable

vxlan statistics enable

Function

The vxlan statistics enable command enables statistics collection of VXLAN tunnel packets.

The undo vxlan statistics enable command disables statistics collection of VXLAN tunnel packets.

By default, statistics collection of VXLAN tunnel packets is disabled.

Format

vxlan statistics peer peer-ip-address [ vni vni-id ] enable

undo vxlan statistics peer