VXLAN Configuration Commands
- Command Support
- arp static bridge-domain
- arp static vni
- bridge-domain (Layer 2 sub-interface view)
- bridge-domain (system view)
- broadcast-suppression (BD view)
- description (BD view)
- display bridge-domain
- display bridge-domain statistics
- display interface nve
- display interface vbdif
- display mac-address bridge-domain
- display snmp-agent trap feature-name adpvxlan all
- display vxlan peer
- display vxlan statistics
- display vxlan tunnel
- display vxlan vni
- encapsulation (Layer 2 sub-interface view)
- interface nve
- interface vbdif
- l2 binding vlan
- multicast-suppression (BD view)
- mac-address static bridge-domain
- mac-address static bridge-domain vni
- reset bridge-domain statistics
- reset vxlan statistics
- service type vxlan-tunnel
- set vxlan resource super-mode
- snmp-agent trap enable feature-name adpvxlan
- source (NVE interface view)
- statistics enable (BD view)
- undo mac-address bridge-domain
- unknown-unicast-suppression (BD view)
- vni head-end peer-list
- vxlan statistics enable
- vxlan vni (BD view)
arp static bridge-domain
Function
The arp static bridge-domain command configures a static ARP entry on an interface of a VXLAN network.
The undo arp static bridge-domain command deletes a static ARP entry configured on an interface of a VXLAN network.
By default, no static ARP entry is configured on an interface of a VXLAN network.
Format
arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id1 [ cevid vlan-id2 ] ] interface interface-type interface-number.subnum
undo arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id1 [ cevid vlan-id2 ] ] interface interface-type interface-number.subnum
arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id3 ] interface interface-type interface-number
undo arp static ip-address mac-address bridge-domain bd-id [ vid vlan-id3 ] interface interface-type interface-number
Parameters
| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies a destination IP address. |
The value is in dotted decimal notation. |
| mac-address | Specifies the destination MAC address mapping the destination IP address. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. |
| bd-id | Specifies a BD ID. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
| vid vlan-id1 | Specifies the outer VLAN ID in the packet received by a sub-interface. |
The value is an integer that ranges from 1 to 4094. |
| cevid vlan-id2 | Specifies the inner VLAN ID in the packet received by a sub-interface. |
The value is an integer that ranges from 1 to 4094. |
| interface interface-type interface-number.subnum | Specifies an sub-interface. |
- |
| vid vlan-id3 | Specifies the VLAN ID in the packet received by a interface. |
The value is an integer that ranges from 1 to 4094. |
| interface interface-type interface-number | Specifies an nterface. |
- |
Usage Guidelines
Usage Scenario
Static ARP entries are manually configured and maintained. They will not be aged out or overridden by dynamic ARP entries. Therefore, you can run the arp static bridge-domain command on an interface of a VXLAN network to configure static ARP entries to increase communication security. Static ARP entries enable the local device and a specified device to communicate with each other using only specified MAC addresses. Attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries.
Prerequisites
The outbound interface has been added to a VLAN and bound to a BD.
Precautions
If a static ARP entry already exists, the new configuration cannot be delivered.
The specified ip-address must be in the same network segment as the outbound interface address in the ARP entry.
To specify the vid vlan-id and cevid vlan-id parameters, set the same encapsulation type as that on the interface first.
When you configure a static ARP entry on an interface of the card except the SA, and X series card, you must configure a static MAC address entry for the MAC address in the ARP entry. Otherwise, the switch will broadcast traffic from this MAC address.
Example
# On the outbound interface GE1/0/1, configure a static ARP entry with the IP address and MAC address 10.1.1.2 and aaaa-fccc-1212, respectively.
<HUAWEI> system-view [HUAWEI] vlan 10 [HUAWEI-vlan10] quit [HUAWEI] interface GigabitEthernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port link-type trunk [HUAWEI-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] bridge-domain 10 [HUAWEI-bd10] l2 binding vlan 10 [HUAWEI-bd10] quit [HUAWEI] interface vbdif 10 [HUAWEI-Vbdif10] ip address 10.1.1.1 255.255.255.0 [HUAWEI-Vbdif10] quit [HUAWEI] arp static 10.1.1.2 aaaa-fccc-1212 bridge-domain 10 vid 10 interface GigabitEthernet 1/0/1
arp static vni
Function
The arp static vni command configures a static ARP entry for a VXLAN tunnel.
The undo arp static vni command deletes a static ARP entry of a VXLAN tunnel.
By default, no static ARP entry is configured for a VXLAN tunnel.
Format
arp static ip-address mac-address vni vni-id source-ip ip-address peer-ip ip-address
undo arp static ip-address mac-address vni vni-id source-ip ip-address peer-ip ip-address
Parameters
| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies a destination IP address. |
The value is in dotted decimal notation. |
| mac-address | Specifies the destination MAC address mapping the destination IP address. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. |
| vni-id | Specifies the VNI ID. |
The value is an integer that ranges from 1 to 16777215. |
| source-ip ip-address | Specifies the IP address of the source VTEP. |
The value is in dotted decimal notation. |
| peer-ip ip-address | Specifies the IP address of the destination VTEP. |
The value is in dotted decimal notation. |
Usage Guidelines
Usage Scenario
Static ARP entries are manually configured and maintained. They will not be aged out or overridden by dynamic ARP entries. Running the arp static vni command on a device to configure static ARP entries for a VXLAN tunnel increases communication security. Static ARP entries enable the local device and a specified device to communicate with each other using only specified MAC addresses. Attackers cannot modify mappings between IP addresses and MAC addresses in static ARP entries.
Prerequisites
A VXLAN tunnel and a Layer 3 gateway have been configured.
Precautions
If a static ARP entry already exists, the new configuration cannot be delivered.
The specified IP address must be in the same network segment as the outbound interface address in the ARP entry.
Example
# Configure a static ARP entry for a VXLAN tunnel that maps the IP address 10.0.0.2 to the MAC address aaaa-fccc-1212.
<HUAWEI> system-view [HUAWEI] bridge-domain 10 [HUAWEI-bd10] vxlan vni 5000 [HUAWEI-bd10] quit [HUAWEI] interface vbdif 10 [HUAWEI-Vbdif10] ip address 10.0.0.10 255.255.255.0 [HUAWEI-Vbdif10] quit [HUAWEI] interface nve 1 [HUAWEI-Nve1] source 10.1.1.1 [HUAWEI-Nve1] vni 5000 head-end peer-list 10.2.2.2 [HUAWEI-Nve1] quit [HUAWEI] arp static 10.0.0.2 aaaa-fccc-1212 vni 5000 source-ip 10.1.1.1 peer-ip 10.2.2.2
bridge-domain (Layer 2 sub-interface view)
Function
The bridge-domain command associates a Layer 2 sub-interface with a BD.
The undo bridge-domain command restores the default settings.
By default, no Layer 2 sub-interface is associated with a BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Specifies the ID of the BD that is associated with a Layer 2 sub-interface. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
Usage Guidelines
Usage Scenario
VXLAN needs to be deployed on a downlink interface to provide access services and an uplink interface to establish a VXLAN tunnel.
- Based on VLAN: You can associate one or multiple VLANs with a BD to add users in these VLANs to the BD. This VLAN-based mode implements larger-granularity control, but is easy to configure. It applies to VXLAN deployment on a live network.
- Based on encapsulation mode: The device sends packets of different encapsulation modes to different Layer 2 sub-interfaces based on the VLAN tags contained in the packets. You can bind a Layer 2 sub-interface to a BD to add specified users to the BD. This mode implements refined and flexible control but requires more complex configuration. It applies to VXLAN deployment on a new network.
To create a BD based on encapsulation mode, create a Layer 2 sub-interface first. Then run the encapsulation (Layer 2 sub-interface view) command to configure a supported encapsulation mode on the sub-interface. After you run the bridge-domain (Layer 2 sub-interface view) command to associate a Layer 2 sub-interface with a BD, packets containing the same VLAN tag from different LANs can communicate at Layer 2.
Prerequisites
Run the command bridge-domain (system view) to create the BD.
Run the command interface to create the Layer 2 VXLAN sub-interface.
Precautions
One Layer 2 sub-interface can be associated with only one BD.
For the BD that bind to the Layer 2 sub-interfaces which use dot1q encapsulation, the VBDIF interface of this BD cannot be created on the device.
Example
<HUAWEI> system-view [HUAWEI] bridge-domain 10 [HUAWEI-bd10] quit [HUAWEI] interface GigabitEthernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port link-type hybrid [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/1.1 mode l2 [HUAWEI-GigabitEthernet1/0/1.1] bridge-domain 10
bridge-domain (system view)
Function
The bridge-domain command creates a bridge domain (BD) and displays the BD view, or directly displays the view of an existing BD view.
The undo bridge-domain command deletes a BD.
By default, no BD is created.
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Specifies the ID of a BD. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
broadcast-suppression (BD view)
Function
The broadcast-suppression command enables broadcast traffic suppression in a bridge domain (BD).
The undo broadcast-suppression command disables broadcast traffic suppression in a BD.
By default, broadcast traffic suppression is disabled in a BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| cir cir-value | Specifies the committed information rate (CIR), which is the allowed rate at which traffic can pass through. |
The value is an integer that ranges from 0 to 10000000, in kbit/s. |
| cbs cbs-value | Specifies the committed burst size (CBS), which is the maximum size of traffic that can pass through. |
The value is an integer that ranges from 10000 to 4294967295, in bytes. |
Usage Guidelines
Usage Scenario
When a large number of broadcast packets are transmitted on a network, a lot of network resources are occupied, and services on the network are affected. You can run the broadcast-suppression command to enable broadcast traffic suppression in a BD and configure the maximum number of broadcast packets that can pass through a BD. When the broadcast traffic volume exceeds the specified threshold, the system discards excess broadcast packets.
Precautions
The EA, EC, ED series cards of the S7700 do not support traffic suppression in a BD.
description (BD view)
Function
The description command configures the description of a bridge domain (BD).
The undo description command deletes the description of a BD.
By default, no description is configured for a BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| description | Specifies the BD description. |
The value is a string of 1 to 80 case-sensitive characters without spaces and question marks. |
Usage Guidelines
If you have configured multiple BDs using the bridge-domain (system view) command, run the description command in the corresponding BD view to configure the description for each BD. BD description helps you quickly understand the function of each BD, facilitating service management.
display bridge-domain
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Displays the configuration of a specified BD. If this parameter is not specified, the device displays the configuration of all BDs. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
| brief | Displays brief BD configuration. |
- |
| verbose | Displays detailed BD configuration. |
- |
Usage Guidelines
After BDs are created on a device, you can run the display bridge-domain command to view the configuration of a specified BD or all BDs.
Example
# Display the configuration of all BDs.
<HUAWEI> display bridge-domain
STAT: Statistics;
--------------------------------------------------------------------------------
BDID State STAT Description
--------------------------------------------------------------------------------
10 down disable vxlan
20 up disable vxlan
--------------------------------------------------------------------------------
The total number of bridge-domains is : 2
<HUAWEI> display bridge-domain 10 verbose
Bridge-domain ID :10
Description :vxlan
State :Down
Statistics :Disable
Broadcast-suppression CIR(kbit/s) :- CBS(byte) :-
Multicast-suppression CIR(kbit/s) :10000000 CBS(byte) :4294967295
Unknown-unicast-suppression CIR(kbit/s) :0 CBS(byte) :655355
--------------------------------------------------------------------------------
Interface State
--------------------------------------------------------------------------------
GigabitEthernet1/0/1.1 down
--------------------------------------------------------------------------------
VLAN State
--------------------------------------------------------------------------------
2 down
3 down
10 down
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
BDID/Bridge-domain ID |
ID of a BD. To set the BD ID, run the bridge-domain (system view) command in the system view. |
State |
BD status:
|
STAT/Statistics |
Whether traffic statistics collection is enabled for the BD:
|
Description |
BD description. To configure the description of a BD, run the description (BD view) command. |
The total number of bridge-domains is |
Total number of BDs on the device. |
Broadcast-suppression CIR(kbit/s) CBS(byte) |
CIR and CBS in a BD specified by the broadcast suppression function. The unit is kbit/s and byte, respectively. |
Multicast-suppression CIR(kbit/s) CBS(byte) |
CIR and CBS in a BD specified by the multicast suppression function. The unit is kbit/s and byte, respectively. |
Unknown-unicast-suppression CIR(kbit/s) CBS(byte) |
CIR and CBS in a BD specified by the unknown unicast suppression function. The unit is kbit/s and byte, respectively. |
Interface State |
Member interface in a BD and its status.
|
VLAN State |
Status of the VLAN associated with the BD.
|
display bridge-domain statistics
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Displays packet statistics in a specified BD. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
Usage Guidelines
Usage Scenario
You can run the display bridge-domain statistics command to view packet statistics in a BD. The information helps you locate faults and simplifies VXLAN network maintenance.
Before using this command to view packet statistics in a BD, run the statistics enable (BD view) command in the BD view to enable packet statistics collection in the BD.
Precautions
Only the X series card support VXLAN packet statistics collection.
Example
# Display packet statistics in BD 10.
<HUAWEI> display bridge-domain 10 statistics Total: -------------------------------------------------------------------------- Item Packets Bytes -------------------------------------------------------------------------- Inbound 10 1520 Outbound 10 1520 -------------------------------------------------------------------------- Slot 1: -------------------------------------------------------------------------- Item Packets Bytes -------------------------------------------------------------------------- Inbound 10 1520 Outbound 10 1520 --------------------------------------------------------------------------
display interface nve
Function
The display interface nve command displays Network Virtualization Edge (NVE) interface information.
Parameters
| Parameter | Description | Value |
|---|---|---|
| nve-number | Specifies the number of an NVE interface. If nve-number is not specified, information about all NVE interfaces is displayed. |
The value is 1. |
| main | Displays the running status and statistics of the main interface. |
- |
Usage Guidelines
To monitor the NVE interface status or locate an NVE interface fault on the VXLAN network, run the display interface nve command to check the running status and statistics of the NVE interface.
Example
# Display the running status of the NVE interface.
<HUAWEI> display interface nve 1
Nve1 current state : UP Line protocol current state : UP Description: Route Port Current system time: 2017-03-28 19:50:24
Item |
Description |
|---|---|
Nve1 current state |
Physical status of the NVE interface. The physical status of the successfully created NVE interface is always Up. |
Line protocol current state |
Link layer protocol status of the NVE interface. The link layer protocol status of the successfully created NVE interface is always Up. |
Description |
Description of the NVE interface. |
Route Port |
The interface is a Layer 3 interface. |
Current system time |
System time. |
display interface vbdif
Function
The display interface vbdif command displays the status, configuration, and statistics of a VBDIF interface.
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Displays the status, configuration, and statistics of a VBDIF interface with a specified BD ID. If no BD ID is specified, the status, configuration, and statistics of all VBDIF interfaces are displayed. |
The BD ID of a VBDIF interface must already exist. |
| main | Displays the running status and statistics of the main interface. |
- |
Usage Guidelines
Usage Scenario
To monitor an interface or locate an interface fault, you can use the display interface vbdif command to view the interface status, interface configuration, and traffic statistics on the interface. The information helps you locate faults in the system or on an interface.
Prerequisites
The specified VBDIF interface has been created.
Example
# Display information of VBDIF interface with BD ID 20.
<HUAWEI> display interface vbdif 20
Vbdif20 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-07-08 11:25:34
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.20.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 0000-5e00-0101
Current system time: 2015-07-08 14:09:59
Input bandwidth utilization : --
Output bandwidth utilization : --
Item |
Description |
|---|---|
Vbdif20 current state |
Physical status of a VBDIF interface.
|
Line protocol current state |
Link-layer protocol status of a VBDIF interface.
|
Last line protocol up time |
Last time the link-layer protocol of an interface goes Up.
NOTE:
This field is displayed only when the link-layer protocol status is Up. |
Description |
Description of a VBDIF interface. The description helps you learn the functions of the interface. |
Route Port |
Layer 3 interface. |
The Maximum Transmit Unit is |
Maximum transmit unit (MTU) of an interface. The default MTU is 1500 bytes. Packets whose size is greater than the MTU are fragmented before being transmitted. If non-fragmentation is configured, these packets are discarded. |
Internet Address is |
IP address of an interface. If no IP address is configured for the current interface, the command output is displayed as "Internet protocol processing: disabled." |
IP Sending Frames' Format is |
Format of the Ethernet frames sent by a VBDIF interface. The default value is PKTFMT_ETHNT_2. A VBDIF interface can identify the received Ethernet frames of the following formats:
|
Hardware address is |
Physical address of an interface. |
Current system time |
System time. |
Input |
Number of packets received by the interface. |
Output |
Number of packets sent by the interface |
display mac-address bridge-domain
Parameters
| Parameter | Description | Value |
|---|---|---|
| mac-address | Displays an entry with a specified MAC address. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF, 0000-0000-0000, or a multicast MAC address. |
| bd-id | Displays MAC address entries of a specified BD. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
| verbose | Displays detailed information about MAC address entries. |
- |
Usage Guidelines
Usage Scenario
The MAC address table of a switch stores MAC addresses of other devices. The switch queries the MAC address table to quickly locate the outbound interface for data forwarding. You can run the display mac-address bridge-domain command to view MAC address entries of a specified BD.
Follow-up Procedure
If any MAC address entry in the command output is incorrect, run the undo mac-address command to delete the entry or run the mac-address static command to add a correct one.
Example
# Display MAC address entries of BD 20.
<HUAWEI> system-view [HUAWEI] display mac-address bridge-domain 20 ------------------------------------------------------------------------------- MAC Address VLAN/VSI/BD Learned-From Type ------------------------------------------------------------------------------- 0003-0005-0006 -/-/20 GE0/0/23.5 static ------------------------------------------------------------------------------- Total items displayed = 1
# Display detailed information about MAC address entries of BD 20.
<HUAWEI> system-view [HUAWEI] display mac-address bridge-domain 20 verbose ------------------------------------------------------------------------------- MAC Address : 0003-0005-0006 BD : 20 Learned-From: GE0/0/23.5 Type : static ------------------------------------------------------------------------------- Total items displayed = 1
Item |
Description |
|---|---|
MAC Address |
MAC address. |
VLAN/VSI/BD |
ID of the VLAN, name of the virtual switch instance (VSI), or ID of the BD to which the MAC address belongs. |
Learned-From |
Interface on which a MAC address is learned. |
Type |
Type of a MAC address entry:
|
display snmp-agent trap feature-name adpvxlan all
Function
The display snmp-agent trap feature-name adpvxlan all command displays all trap messages of the ADPVXLAN module.
Usage Guidelines
The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.
The display snmp-agent trap feature-name adpvxlan all command displays whether all trap functions of the ADPVXLAN module are enabled.
Example
# Display all trap messages of the ADPVXLAN module.
<HUAWEI>display snmp-agent trap feature-name adpvxlan all ------------------------------------------------------------------------------ Feature name: ADPVXLAN Trap number : 3 ------------------------------------------------------------------------------ Trap name Default switch status Current switch status hwNotsuppDecapVxlanFragPackets on on hwVxlanTnlCfgFailed on on hwNotsuppDecapVxlanPackets on on
Item |
Description |
|---|---|
Feature name |
Name of the module to which a trap message belongs. |
Trap number |
Number of trap messages. |
Trap name |
Name of a trap message of the ADPVXLAN module:
|
Default switch status |
Status of the default trap function:
|
Current switch status |
Status of the current trap function:
|
display vxlan peer
Function
The display vxlan peer command displays the IP address of the destination virtual tunnel end point (VTEP) of a Virtual Network Identifier (VNI).
Parameters
| Parameter | Description | Value |
|---|---|---|
| vni vni-id | Displays the IP address of the destination VTEP of a specified VNI. |
The value is an integer that ranges from 1 to 16777215. |
Usage Guidelines
Usage Scenario
After completing VXLAN configuration, you can run the display vxlan peer command to view information about the source and destination IP address bound to the VNI.
Precautions
Before running the display vxlan peer command, ensure that the device has been configured with VNIs. Otherwise, the command output is meaningless.
Example
<HUAWEI> display vxlan peer Vni ID Source Destination Type -------------------------------------------------------------- 10 10.1.1.2 10.1.1.3 static 10 10.1.1.2 10.1.1.4 static -------------------------------------------------------------- Number of peers : 2
Item |
Description |
|---|---|
Vni ID |
ID of a VNI. To configure or modify a VNI ID, run the vxlan vni (BD view) command. |
Source |
IP address of the source VTEP. To configure or modify the IP address of the source VTEP, run the source (NVE interface view) command. |
Destination |
IP address of the destination VTEP. To configure or modify the IP address of the destination VTEP, run the vni head-end peer-list command. |
Type |
The IP address of the destination VTEP is configured in static mode, the IP address is configured using the vni head-end peer-list command. |
Number of peers |
Number of destination VTEPs. |
display vxlan statistics
Parameters
| Parameter | Description | Value |
|---|---|---|
| source source-ip-address | Specifies the IPv4 address of the source VTEP. |
The value is in dotted decimal notation. |
| peer peer-ip-address | Specifies the IPv4 address of the destination VTEP. |
The value is in dotted decimal notation. |
| vni vni-id | Specifies a VNI ID. |
The value is an integer that ranges from 1 to 16777215. |
Usage Guidelines
Usage Scenario
You can run the display vxlan statistics command to view VXLAN tunnel packet statistics. The information helps you locate faults and simplifies VXLAN network maintenance.
Before using this command to view VXLAN tunnel packet statistics, run the vxlan statistics enable command on an NVE interface to enable statistics collection on VXLAN tunnel packets.
Precautions
Only the X series card support VXLAN packet statistics collection.
Example
# Display statistics on VXLAN tunnel packets, with 10.10.1.1 and 10.1.1.1 as the source and destination VTEP IP addresses.
<HUAWEI> display vxlan statistics source 10.10.1.1 peer 10.1.1.1 Total: -------------------------------------------------------------------------- Item Packets Bytes -------------------------------------------------------------------------- Inbound 5 760 Outbound 5 760 -------------------------------------------------------------------------- Slot 31: -------------------------------------------------------------------------- Item Packets Bytes -------------------------------------------------------------------------- Inbound 5 760 Outbound 5 760 --------------------------------------------------------------------------
Item |
Description |
|---|---|
Slot |
Slot ID. |
Item |
Statistical item. |
Packets |
Number of packets. |
Bytes |
Number of bytes. |
Inbound |
Packet statistics in the inbound direction of the VXLAN tunnel. |
Outbound |
Packet statistics in the outbound direction of the VXLAN tunnel. |
display vxlan tunnel
Parameters
| Parameter | Description | Value |
|---|---|---|
| tunnel-id | Displays information about the VXLAN tunnel with a specified ID. If this parameter is not specified, the device displays information about all VXLAN tunnels. |
The value is an integer that ranges from 1 to 4294967295. |
| verbose | Displays detailed VXLAN tunnel information. |
- |
Usage Guidelines
After VXLAN tunnels are established, you can run the display vxlan tunnel command to view VXLAN tunnel information.
Example
<HUAWEI> display vxlan tunnel Tunnel ID Source Destination State Type ---------------------------------------------------------------------------- 4026531841 10.1.1.2 10.1.1.4 up static ---------------------------------------------------------------------------- Number of vxlan tunnel : 1
<HUAWEI> display vxlan tunnel verbose Tunnel ID : 4026531841 Source : 10.1.1.2 Destination : 10.1.1.4 State : up Type : static ---------------------------------------------------------------------------- Number of vxlan tunnel : 1
Item |
Description |
|---|---|
Tunnel ID |
ID of a VXLAN tunnel. After a VXLAN tunnel is established, the ID is automatically generated by the device. |
Source |
Source IP address of the VXLAN tunnel. To configure the source IP address, run the source (NVE interface view) command. |
Destination |
Destination IP address of the VXLAN tunnel. |
State |
Status of the VXLAN tunnel:
|
Type |
The VXLAN tunnel type is static, the VXLAN tunnel status is determined by the configuration mode of peer-list in the vni head-end peer-list command. |
Number of vxlan tunnel |
Total number of VXLAN tunnels. |
display vxlan vni
Function
The display vxlan vni command displays the VXLAN configuration of a specified VNI or all VNIs.
Parameters
| Parameter | Description | Value |
|---|---|---|
| vni-id | Displays VXLAN information about a specified VNI. If this parameter is not specified, the device displays VXLAN configuration of all VNIs. |
The value is an integer that ranges from 1 to 16777215. |
| verbose | Displays detailed VXLAN information about a specified VNI. |
- |
Usage Guidelines
Applications
After VXLAN is configured, you can run the display vxlan vni command to view information about BDs associated with VNIs and VNI status.
Precautions
Before running the display vxlan vni command, ensure that the device has been configured with VNIs. Otherwise, the command output is meaningless.
Example
<HUAWEI> display vxlan vni VNI BD-ID State ----------------------------------------- 10 10 up 20 20 up ----------------------------------------- Number of vxlan vni bound to BD is : 2
# Display detailed VXLAN information about VNI 10.
<HUAWEI> display vxlan vni 10 verbose
BD ID :10
State :up
Source :10.1.1.2
UDP Port :4789
Peer List :10.1.1.1 10.1.1.3
Item |
Description |
|---|---|
VNI |
ID of a VNI. To configure or modify a VNI ID, run the vxlan vni command. |
BD-ID (BD ID) |
ID of the BD associated with a VNI. To configure or modify a BD ID, run the bridge-domain (system view) command. |
State |
VNI status:
To ensure that the VNI status is up, the corresponding VXLAN tunnel must exist and be up for the VNI. If the VNI status is down, check whether Source and Peer List in this command output are the same as Source and Destination in the output of the display vxlan tunnel command.
|
Number of vxlan vni bound to BD is |
Number of existing VNIs bound to BDs. |
Source |
IP address of the source VTEP. To configure the IP address of the source VTEP, run the source (NVE interface view) command. |
UDP Port |
Destination UDP port. The port number is fixed as 4789. |
Peer List |
IP address of the destination VTEP. To configure the IP address of the destination VTEP, run the vni head-end peer-list command. |
encapsulation (Layer 2 sub-interface view)
Function
The encapsulation command configures the encapsulation mode of packets allowed to pass a Layer 2 sub-interface.
The undo encapsulation command deletes the encapsulation mode of packets allowed to pass a Layer 2 sub-interface.
By default, the encapsulation mode of packets allowed to pass a Layer 2 sub-interface is not configured.
Format
encapsulation { dot1q vid pe-vid | default | untag | qinq vid vlan-vid ce-vid ce-vid }
undo encapsulation { dot1q vid pe-vid | default | untag | qinq vid vlan-vid ce-vid ce-vid }
Parameters
| Parameter | Description | Value |
|---|---|---|
| dot1q | Sets encapsulation mode of packets allowed to pass a Layer 2 sub-interface to Dot1q. This mode enables a Layer 2 sub-interface to receive packets with a VLAN tag. |
- |
| vid pe-vid | Specifies the outer VLAN ID in packets allowed to pass a Layer 2 sub-interface in Dot1q encapsulation mode. |
The value is an integer that ranges from 2 to 4094. |
| default | Sets the encapsulation mode of packets allowed to pass a Layer 2 sub-interface to default. This mode enables a Layer 2 sub-interface to receive all packets, regardless of whether they contain VLAN tags. |
- |
| untag | Sets the encapsulation mode of packets allowed to pass a Layer 2 sub-interface to untag. This mode enables a Layer 2 sub-interface to receive packets without VLAN tags. |
- |
| qinq | Sets encapsulation mode of packets allowed to pass a Layer 2 sub-interface to QinQ. This mode enables a Layer 2 sub-interface to receive packets with double VLAN tags. |
- |
| vid vlan-vid | Specifies the outer VLAN ID in double-tagged packets allowed to pass a Layer 2 sub-interface in QinQ encapsulation mode. |
The value is an integer that ranges from 2 to 4094. |
| ce-vid ce-vid | Specifies the inner VLAN ID in double-tagged packets allowed to pass a Layer 2 sub-interface in QinQ encapsulation mode. |
The value is an integer that ranges from 1 to 4094. |
Usage Guidelines
Usage Scenario
On a VXLAN network, a Layer 2 sub-interface functions as a VXLAN service access point to forward data packets in a BD.
Packets passing through a physical interface may contain one or two VLAN tags or no VLAN tag. After you run the encapsulation command in a Layer 2 sub-interface view to configure the encapsulation mode, the sub-interface can forward only specified types of packets.
Prerequisites
Run the command interface interface-type interface-number.subnum mode l2 to create a VXLAN Layer 2 sub-interface
Precautions
When configuring an encapsulation mode on a Layer 2 sub-interface, pay attention to the following points:
- Only interfaces on the X, SC, and FC series cards support set the encapsulation mode to qinq.
The VLAN ID in dot1q mode or outer VLAN ID in qinq mode cannot be the same as the allowed VLAN of the corresponding main interface or the global VLAN.
On the same main interface, the VLAN ID in dot1q mode and the outer VLAN ID in qinq mode must be different.
After NAC authentication is configured on the main interface, the traffic encapsulation type on a Layer 2 sub-interface cannot be set to default.
When the encapsulation mode of a Layer 2 sub-interface is default, the corresponding main interface cannot be added to any VLAN, including VLAN 1.
Before the encapsulation mode of a Layer 2 sub-interface is set to default, the main interface has only one sub-interface.
After the encapsulation mode of a Layer 2 sub-interface is set to default, no other sub-interface can be created on the main interface.
When the encapsulation mode of a Layer 2 sub-interface is set to untag, other sub-interfaces of the main interface cannot be set to untag.
You can configure only one encapsulation mode for each Layer 2 sub-interface. If an encapsulation mode has been configured for a Layer 2 sub-interface, run the undo encapsulation command to delete the original mode before you configure another mode.
Example
<HUAWEI> system-view [HUAWEI] interface GigabitEthernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port link-type hybrid [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/1.1 mode l2 [HUAWEI-GigabitEthernet1/0/1.1] encapsulation dot1q vid 10
interface nve
Function
The interface nve command creates a Network Virtualization Edge (NVE) interface and displays the NVE interface view.
The undo interface nve command deletes a specified NVE interface.
By default, no NVE interface is created.
Parameters
| Parameter | Description | Value |
|---|---|---|
| nve-number | Specifies the number of an NVE interface. | The value is 1. |
Usage Guidelines
Usage Scenario
To make full use of advantages of server virtualization, you can deploy VXLAN to connect to multiple tenants. VXLAN tunnel information needs to be configured on an NVE interface, so the interface nve command needs to be executed to create the NVE interface.
Precautions
After a VXLAN tunnel is configured, running the undo interface nve command will delete the specified NVE interface and all the configuration of the NVE interface.
interface vbdif
Function
The interface vbdif command creates a VBDIF interface and displays the VBDIF interface view, or displays the view of an existing VBDIF interface.
The undo interface vbdif command deletes a VBDIF interface.
By default, no VBDIF interface is created.
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Specifies the ID of a BD. | The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
Usage Guidelines
Usage Scenario
IP routes are required for communication between VXLAN networks on different network segments and between VXLAN and non-VXLAN networks.
To enable the communication, run the interface vbdif command to create a VBDIF interface for each BD and assign an IP address to the VBDIF interface. A VBDIF interface is a Layer 3 logical interface and can be configured with an IP address.
Prerequisites
The specified BD has been created.
l2 binding vlan
Function
The l2 binding vlan command associates a specified VLAN with a BD.
The undo l2 binding vlan command restores the default settings.
By default, a VLAN is associated with no BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| vlan-id | Specifies a VLAN ID. |
The value is an integer that ranges from 1 to 4094. Currently, VLAN 1 cannot be associated with a BD. |
Usage Guidelines
Usage Scenario
VXLAN needs to be deployed on a downlink interface to provide access services and an uplink interface to establish a VXLAN tunnel.
- Based on VLAN: You can associate one or multiple VLANs with a BD to add users in these VLANs to the BD. This VLAN-based mode implements larger-granularity control, but is easy to configure. It applies to VXLAN deployment on a live network.
- Based on encapsulation mode: The device sends packets of different encapsulation modes to different Layer 2 sub-interfaces based on the VLAN tags contained in the packets. You can bind a Layer 2 sub-interface to a BD to add specified users to the BD. This mode implements refined and flexible control but requires more complex configuration. It applies to VXLAN deployment on a new network.
After you run this command to associate specified VLANs with a BD, different VLANs associated with the same BD form a large Layer 2 network. Users belong to these VLANs can communicate at Layer 2 through VXLAN tunnels.
Prerequisites
The VLAN to be bound to the BD has been created using the vlan command.
Precautions
multicast-suppression (BD view)
Function
The multicast-suppression command enables multicast traffic suppression in a BD.
The undo multicast-suppression command disables multicast traffic suppression in a BD.
By default, multicast traffic suppression is disabled in a BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| cir cir-value | Specifies the committed information rate (CIR), which is the allowed rate at which traffic can pass through. |
The value is an integer that ranges from 0 to 10000000, in kbit/s. |
| cbs cbs-value | Specifies the committed burst size (CBS), which is the maximum size of traffic that can pass through. |
The value is an integer that ranges from 10000 to 4294967295, in bytes. |
Usage Guidelines
Usage Scenario
When a large number of multicast packets are transmitted on a network, a lot of network resources are occupied, and services on the network are affected. You can run the multicast-suppression command to enable multicast traffic suppression in a BD and configure the maximum number of multicast packets that can pass through a BD. When the multicast traffic volume exceeds the specified threshold, the system discards excess multicast packets.
Precautions
The EA, EC, ED series cards of the S7700 do not support traffic suppression in a BD.
mac-address static bridge-domain
Function
The mac-address static bridge-domain command configures a static MAC address entry on a VXLAN access-side interface.
The undo mac-address static bridge-domain command deletes a static MAC address entry on a VXLAN access-side interface.
By default, no static MAC address entry is configured on a VXLAN access-side interface.
Format
mac-address static mac-address interface-type interface-number.subnum bridge-domain bd-id { default | untag | vid vlan-id1 [ ce-vid vlan-id2 ] }
undo mac-address static mac-address interface-type interface-number.subnum bridge-domain bd-id { default | untag | vid vlan-id1 [ ce-vid vlan-id2 ] }
mac-address static mac-address interface-type interface-number bridge-domain bd-id vid vlan-id3
undo mac-address static mac-address interface-type interface-number bridge-domain bd-id vid vlan-id3
Parameters
| Parameter | Description | Value |
|---|---|---|
| mac-address | Specifies the MAC address in the static MAC address entry. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF, 0000-0000-0000, or a multicast MAC address. |
| interface-type interface-number.subnum | Specifies that the outbound interface in the static MAC address entry is a Layer 2 sub-interface. |
- |
| bd-id | Specifies the BD to which the outbound interface belongs. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
| default | Specifies that the outbound interface allows packets of the default type to pass. |
- |
| untag | Specifies that the outbound interface allows packets of the untag type to pass. |
- |
| vid vlan-id1 | Specifies the outer VLAN ID in the packets allowed to pass the outbound interface. |
The value is an integer that ranges from 1 to 4094. |
| ce-vid vlan-id2 | Specifies the inner VLAN ID in the packets allowed to pass the outbound interface. |
The value is an integer that ranges from 1 to 4094. |
| interface-type interface-number | Specifies that the outbound interface in the static MAC address entry is a specified interface. |
- |
| vid vlan-id3 | Specifies the ID of the VLAN to which the outbound interface belongs. |
The value is an integer that ranges from 1 to 4094. |
Usage Guidelines
Usage Scenario
When the device creates a MAC address table by learning source MAC addresses, the device cannot distinguish packets from authorized and unauthorized users. This threatens network security. If an unauthorized user uses the MAC address of an authorized user as the source MAC address of attack packets and connects to another interface of the device, the device learns an incorrect MAC address entry. The device incorrectly forwards the packets to the unauthorized user. Actually, the packets should be forwarded to the authorized user. You can run the mac-address static bridge-domain command to add a static MAC address entry to the MAC address table on the VXLAN access side. The static MAC address entry binds the MAC address to a specified interface, which prevents unauthorized users from intercepting data of authorized users. In addition, a manually configured static MAC address entry improves the unicast packet forwarding efficiency and saves bandwidth.
PrerequisitesThe interface has been added to a BD.
Example
# Configure a static MAC address entry on a VXLAN access-side interface. In the entry, the destination MAC address is aaaa-fccc-1212 and the flow encapsulation type of the outbound interface is dot1q.
<HUAWEI> system-view [HUAWEI] bridge-domain 20 [HUAWEI-bd10] quit [HUAWEI] interface gigabitethernet 1/0/1.1 mode l2 [HUAWEI-GigabitEthernet1/0/1.1] encapsulation dot1q vid 6 [HUAWEI-GigabitEthernet1/0/1.1] bridge-domain 20 [HUAWEI-GigabitEthernet1/0/1.1] quit [HUAWEI] mac-address static aaaa-fccc-1212 GigabitEthernet 1/0/1.1 bridge-domain 20 vid 6
# Configure a static MAC address entry on the VXLAN access-side interface. In the entry, the destination MAC address is aaaa-fccc-1213 and the outbound interface is added to a BD by the VLAN.
<HUAWEI> system-view [HUAWEI] vlan 8 [HUAWEI-vlan8] quit [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port hybrid tagged vlan 8 [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] bridge-domain 30 [HUAWEI-bd10] l2 binding vlan 8 [HUAWEI-bd10] quit [HUAWEI] mac-address static aaaa-fccc-1213 GigabitEthernet 1/0/1 bridge-domain 30 vid 8
mac-address static bridge-domain vni
Function
The mac-address static bridge-domain vni command configures a static MAC address entry on a VXLAN tunnel-side interface.
The undo mac-address static bridge-domain vni command deletes a static MAC address entry on a VXLAN tunnel-side interface.
By default, no static MAC address entry is configured on a VXLAN tunnel-side interface.
Format
mac-address static mac-address bridge-domain bd-id source ip-address peer ip-address vni vni-id
undo mac-address static mac-address bridge-domain bd-id source ip-address peer ip-address vni vni-id
Parameters
| Parameter | Description | Value |
|---|---|---|
| mac-address | Specifies the MAC address in the static MAC address entry. |
The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The MAC address cannot be FFFF-FFFF-FFFF, 0000-0000-0000, or a multicast MAC address. |
| bd-id | Specifies the BD to which the outbound interface belongs. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
| source-ip-address | Specifies the source IP address of the VXLAN tunnel. |
The value is in dotted decimal notation. |
| peer ip-address | Specifies the remote IP address of the VXLAN tunnel. |
The value is in dotted decimal notation. |
| vni-id | Specifies the ID of a VXLAN tunnel. |
The value is an integer that ranges from 1 to 16777215. |
Usage Guidelines
Usage Scenario
When the device creates a MAC address table by learning source MAC addresses, the device cannot distinguish packets from authorized and unauthorized users. This threatens network security. If an unauthorized user uses the MAC address of an authorized user as the source MAC address of attack packets and connects to another interface of the device, the device learns an incorrect MAC address entry. The device incorrectly forwards the packets to the unauthorized user. Actually, the packets should be forwarded to the authorized user. You can run the mac-address static bridge-domain vni command to add a static MAC address entry to the MAC address table on the VXLAN tunnel side. The static MAC address entry binds the MAC address to a specified interface, which prevents unauthorized users from intercepting data of authorized users. In addition, a manually configured static MAC address entry improves the unicast packet forwarding efficiency and saves bandwidth.
PrerequisitesA VXLAN tunnel has been created.
Example
# On a VXLAN tunnel-side interface, configure a static MAC address entry with the destination MAC address aaaa-fccc-1212.
<HUAWEI> system-view [HUAWEI] bridge-domain 20 [HUAWEI-bd10] vxlan vni 2000 [HUAWEI-bd10] quit [HUAWEI] interface nve 1 [HUAWEI-Nve1] source 10.1.1.2 [HUAWEI-Nve1] vni 2000 head-end peer-list 10.1.2.2 [HUAWEI-Nve1] quit [HUAWEI] mac-address static aaaa-fccc-1212 bridge-domain 20 source 10.1.1.2 peer 10.1.2.2 vni 2000
reset bridge-domain statistics
Parameters
| Parameter | Description | Value |
|---|---|---|
| bd-id | Specifies the ID of a BD packet statistics of which are to be deleted. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
Usage Guidelines
Usage Scenario
Before you collect packet statistics in a specified BD within a specific period, run the reset bridge-domain statistics command to clear the existing statistics in the BD to ensure statistics accuracy.
Precautions
Packet statistics cannot be restored after you clear them; therefore, exercise caution before you run the reset bridge-domain statistics command.
reset vxlan statistics
Parameters
| Parameter | Description | Value |
|---|---|---|
| source source-ip-address | Specifies the IPv4 address of the source VTEP. |
The value is in dotted decimal notation. |
| peer peer-ip-address | Specifies the IPv4 address of the destination VTEP. |
The value is in dotted decimal notation. |
| vni vni-id | Specifies a VNI ID. |
The value is an integer that ranges from 1 to 16777215. |
Usage Guidelines
Usage Scenario
Before you collect VXLAN tunnel packet statistics within a specific period, run the reset vxlan statistics command to clear the existing statistics to ensure statistics accuracy.
Precautions
Packet statistics cannot be restored after you clear them; therefore, exercise caution before you run the reset vxlan statistics command.
service type vxlan-tunnel
Function
The service type vxlan-tunnel command configures an Eth-Trunk as a VXLAN loopback interface.
The undo service type vxlan-tunnel command cancels the configuration.
By default, an Eth-Trunk is not a VXLAN loopback interface.
NOTE: Only the S7706 and S7712 switches support this command.
Usage Guidelines
Usage Scenario
If a switch uses an interface on the ES1D2X48SEC4 card as the tunnel-side interface, the switch can decapsulate received VXLAN packets and forward them at Layer 3 only after a VXLAN loopback interface is configured. As a result, you need to configure an Eth-Trunk as the VXLAN loopback interface when the switch functions as the Layer 3 VXLAN gateway.
Follow-up Procedure
Run the trunkport command to add member interfaces to the VXLAN loopback interface.
Precautions
After an Eth-Trunk is configured as a VXLAN loopback interface, STP is automatically disabled on the Eth-Trunk. The Eth-Trunk then does not support STP configuration commands. After the configuration is canceled, STP is automatically enabled on the Eth-Trunk.
Only one Eth-Trunk on a switch can be configured as the VXLAN loopback interface. VXLAN packets from all VBDIF interfaces are encapsulated and decapsulated by this loopback interface.
An Eth-Trunk containing member interfaces cannot be configured as a VXLAN loopback interface.
The configurations allowed on an Eth-Trunk to be configured as a loopback interface include description, enable snmp trap updown, jumboframe enable, qos car inbound, qos phb marking enable, set flow-stat interval, shutdown, traffic-policy (interface view), and trust. If other configurations exist on the Eth-Trunk, the Eth-Trunk cannot be configured as a loopback interface.
After an Eth-Trunk is configured as a loopback interface, the Eth-Trunk supports only the following configurations: authentication open ucl-policy enable, description, enable snmp trap updown, jumboframe enable, mixed-rate link enable, qos car inbound, qos phb marking enable, set flow-stat interval, shutdown, statistic enable (interface view), traffic-policy (interface view), vcmp disable, and trust.
Before running the undo service type vxlan-tunnel command, delete all the member interfaces from the Eth-Trunk.
Only interfaces on the X series and ES1D2X48SEC4 cards can be added to a VXLAN loopback interface.
set vxlan resource super-mode
Function
The set vxlan resource super-mode command sets the super VXLAN resource mode.
The undo set vxlan resource super-mode command restores the default VXLAN resource mode.
By default, the device supports 4095 BDs.
NOTE: Only the S7706, and S7712 support this command.
Usage Guidelines
Usage Scenario
When VXLAN is configured, the device supports 4095 BDs by default. If you want more than 4095 BDs, run the set vxlan resource super-mode command to set the super VXLAN resource mode. After this command is configured, the device supports 16000 BDs.
Precautions
After setting the super VXLAN resource mode, save the configuration and then restart the device to make the configuration take effect.
When the super VXLAN resource mode is configured, the forwarding performance of some services may degrade, such as the IP multicast, VPLS, VLAN mapping, Layer 3 traffic forwarding of sub-interfaces, and VLAN stacking services.
snmp-agent trap enable feature-name adpvxlan
Function
The snmp-agent trap enable feature-name adpvxlan command enables the trap function for the ADPVXLAN module.
The undo snmp-agent trap enable feature-name adpvxlan command disables the trap function for the ADPVXLAN module.
By default, the trap function is enabled for the ADPVXLAN module.
Format
snmp-agent trap enable feature-name adpvxlan [ trap-name { hwnotsuppdecapvxlanfragpackets | hwnotsuppdecapvxlanpackets | hwvxlantnlcfgfailed } ]
undo snmp-agent trap enable feature-name adpvxlan [ trap-name { hwnotsuppdecapvxlanfragpackets | hwnotsuppdecapvxlanpackets | hwvxlantnlcfgfailed } ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| trap-name | Enables the traps of ADPVXLAN events of specified types. | - |
| hwnotsuppdecapvxlanfragpackets | Enables the device to send trap when the card cannot decapsulate received fragmented VXLAN packets. | - |
| hwnotsuppdecapvxlanpackets | Enables the device to send trap when the VXLAN-incapable card failed to decapsulate received VXLAN packets. | - |
| hwvxlantnlcfgfailed | Enables the device to send trap when the card failed to deliver entries during VXLAN tunnel establishment due to a hash conflict. | - |
source (NVE interface view)
Function
The source command configures an IP address for a source VXLAN Tunnel Endpoint (VTEP).
The undo source command deletes the IP address of the source VTEP.
By default, no IP address is configured for a source VTEP.
Parameters
| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies the IPv4 address of a source VTEP. |
The value is in dotted decimal notation. |
Usage Guidelines
Usage Scenario
VXLAN needs to be deployed on a downlink interface to provide access services and an uplink interface to establish a VXLAN tunnel.
To establish a VXLAN tunnel, configure IP addresses for the source and destination VTEPs.
To configure an IP address for a source VTEP, run this command. When access service packets reach a Network Virtualization Edge (NVE), the VTEP encapsulates the packets based on the IP addresses of source and destination VTEPs and forwards them.
Precautions
You can specify the IP address of a physical interface or a loopback interface as the IP address of the source VTEP. The address of a loopback interface is recommended.
Generally, the NVE interfaces of different devices must be configured with different VTEP addresses; otherwise, traffic forwarding errors may occur.
Follow-up Procedure
Run the vni head-end peer-list command to configure an IP address for a destination VTEP.
statistics enable (BD view)
Function
The statistics enable command enables statistics collection in a BD.
The undo statistics enable command disables statistics collection in a BD.
By default, statistics collection is disabled in a BD.
Usage Guidelines
Usage Scenario
Packet statistics in a BD provide information about the number of packets going into and leaving a BD.
To view packet statistics in a BD, run the statistics enable and display bridge-domain statistics commands in sequence. The information helps you locate faults.
Precautions
Only the X series card support VXLAN packet statistics collection.
undo mac-address bridge-domain
Parameters
Parameter |
Description |
Value |
|---|---|---|
| bd-id | Deletes MAC address entries of a specified BD. |
The value is an integer that ranges from 1 to 4095. The value is an integer that ranges from 1 to 16000 after the set vxlan resource super-mode command is used to set the super VXLAN resource mode. |
Usage Guidelines
The MAC address table space is limited on a device. If the number of MAC address entries reaches the upper limit, the device cannot learn new MAC address entries before some entries in the MAC address table are aged out. In this case, the device broadcasts packets from new users, wasting network resources. To solve the problem, you can run the undo mac-address bridge-domain command to manually delete unnecessary MAC address entries of a specified BD.
unknown-unicast-suppression (BD view)
Function
The unknown-unicast-suppression command enables unknown unicast traffic suppression in a BD.
The undo unknown-unicast-suppression command disables unknown unicast traffic suppression in a BD.
By default, unknown unicast traffic suppression is disabled in a BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| cir cir-value | Specifies the committed information rate (CIR), which is the allowed rate at which traffic can pass through. |
The value is an integer that ranges from 0 to 10000000, in kbit/s. |
| cbs cbs-value | Specifies the committed burst size (CBS), which is the maximum size of traffic that can pass through. |
The value is an integer that ranges from 10000 to 4294967295, in bytes. |
Usage Guidelines
Usage Scenario
When a large number of unknown unicast packets are transmitted on the network, a lot of network resources are occupied, and services on the network are affected. You can run the unknown-unicast-suppression command to enable unknown unicast traffic suppression in a BD and configure the maximum number of unknown unicast packets that can pass through a BD. When the unknown unicast traffic volume exceeds the specified threshold, the system discards excess unknown unicast packets.
Precautions
The EA, EC, ED series cards of the S7700 do not support traffic suppression in a BD.
vni head-end peer-list
Function
The vni head-end peer-list command configures an ingress replication list that contains the IP addresses of those remote VTEPs for a VXLAN network identifier (VNI).
The undo vni head-end peer-list command deletes the ingress replication list of a VNI.
By default, no ingress replication list is configured for any VNI.
Format
vni vni-id head-end peer-list ip-address &<1-10>
undo vni vni-id [ head-end peer-list ip-address &<1-10> ]
Usage Guidelines
Usage Scenario
After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets.
If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN segment, run the vni head-end peer-list command to configure an ingress replication list that contains the IP addresses of those remote VTEPs. After the source NVE receives BUM packets, the local VTEP sends a copy of the BUM packets to every VTEP in the list.
Precautions
You need to run the vni head-end peer-list command to configure the corresponding VTEP address even if the source VTEP matches only one destination VTEP.
Run the ping command to check whether a reachable route exists between two ends of the tunnel. If there is a reachable route, the tunnel can be established and packets can be normally forwarded. If the two devices have a route to each other but the route is unreachable, the tunnel can still go Up but packets cannot be forwarded.
vxlan statistics enable
Function
The vxlan statistics enable command enables statistics collection on VXLAN tunnel packets.
The undo vxlan statistics enable command disables statistics collection on VXLAN tunnel packets.
By default, statistics collection on VXLAN tunnel packets is disabled.
Format
vxlan statistics peer peer-ip-address [ vni vni-id ] enable
undo vxlan statistics peer peer-ip-address [ vni vni-id ] enable
Parameters
| Parameter | Description | Value |
|---|---|---|
| peer peer-ip-address | Specifies the IPv4 address of the destination VTEP. |
The value is in dotted decimal notation. |
| vni vni-id | Specifies a VNI ID. If vni vni-id is specified, the device collects packet statistics based on the VXLAN tunnel and VNI. If vni vni-id is not specified, the device collects packet statistics based on the VXLAN tunnel only. |
The value is an integer that ranges from 1 to 16777215. |
Usage Guidelines
Usage Scenario
VXLAN tunnel packet statistics provide information about the number of packets going into and leaving a VXLAN tunnel.
To view VXLAN tunnel packet statistics, run the vxlan statistics enable and display vxlan statistics commands in sequence.
Packet statistics collection based on the VXLAN tunnel and VNI and packet statistics collection based on the VXLAN tunnel are mutually exclusive. For example, if the vxlan statistics peer 10.1.1.1 vni 10 enable command is configured, do not configure the vxlan statistics peer 10.1.1.1 enable command. If the vxlan statistics peer 10.1.1.1 enable command is configured, do not configure the vxlan statistics peer 10.1.1.1 vni 10 enable command.
Precautions
Only the X series card support VXLAN packet statistics collection.
vxlan vni (BD view)
Function
The vxlan vni command associated a specified VNI with a BD.
The undo vxlan vni command restores the default settings.
By default, no VNI is associated with a BD.
Parameters
| Parameter | Description | Value |
|---|---|---|
| vni-id | Specifies a VNI ID. |
The value is an integer that ranges from 1 to 16777215. |
Usage Guidelines
Similar to VLAN ID, VNI is used to distinguish VXLAN segments.
On the VXLAN network, one VXLAN segment is a large Layer 2 BD; therefore, VNI and BD have a one-to-one mapping relationship.
You can run this command to configure the mapping relationship between VNIs and BDs. In this way, the VTEP can forward received packets through a correct VXLAN tunnel based on the mapping between BDs and VNIs.
- Command Support
- arp static bridge-domain
- arp static vni
- bridge-domain (Layer 2 sub-interface view)
- bridge-domain (system view)
- broadcast-suppression (BD view)
- description (BD view)
- display bridge-domain
- display bridge-domain statistics
- display interface nve
- display interface vbdif
- display mac-address bridge-domain
- display snmp-agent trap feature-name adpvxlan all
- display vxlan peer
- display vxlan statistics
- display vxlan tunnel
- display vxlan vni
- encapsulation (Layer 2 sub-interface view)
- interface nve
- interface vbdif
- l2 binding vlan
- multicast-suppression (BD view)
- mac-address static bridge-domain
- mac-address static bridge-domain vni
- reset bridge-domain statistics
- reset vxlan statistics
- service type vxlan-tunnel
- set vxlan resource super-mode
- snmp-agent trap enable feature-name adpvxlan
- source (NVE interface view)
- statistics enable (BD view)
- undo mac-address bridge-domain
- unknown-unicast-suppression (BD view)
- vni head-end peer-list
- vxlan statistics enable
- vxlan vni (BD view)
Previous
