No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VXLAN Service Access Point

Configuring a VXLAN Service Access Point

A VXLAN service access point can be a Layer 2 sub-interface or VLAN.

Context

When a Layer 2 sub-interface is used as a service access point, different encapsulation types can be configured for the sub-interface to transmit various types of data packets. After a Layer 2 sub-interface is added to a BD, the sub-interface can transmit data packets through this BD. Table 8-3 describes the different encapsulation types.
Table 8-3 Traffic encapsulation types

Traffic Encapsulation Type

Description

dot1q

If a Dot1q sub-interface receives a single-tagged VLAN packet, the sub-interface forwards only the packet with a specified VLAN ID. If a Dot1q sub-interface receives a double-tagged VLAN packet, the sub-interface forwards only the packet with a specified outer VLAN ID.

  • When performing VXLAN encapsulation on packets, a Dot1q Layer 2 sub-interface removes the outer tags of the packets.
  • When performing VXLAN decapsulation on packets, a Dot1q Layer 2 sub-interface adds specified VLAN tags to the packets.
When setting the encapsulation type to dot1q for a Layer 2 sub-interface, note the following:
  • The VLAN IDs specified for the Layer 2 sub-interface cannot be the same as either the VLAN IDs of packets allowed to pass through the corresponding Layer 2 interfaces or the MUX VLAN IDs.
  • Layer 2 and Layer 3 sub-interfaces cannot have the same VLAN IDs specified.

untag

An untagged Layer 2 sub-interface receives only packets that do not carry VLAN tags.

  • When performing VXLAN encapsulation on packets, an untagged Layer 2 sub-interface does not add any VLAN tag to the packets.
  • When performing VXLAN decapsulation on packets, an untagged Layer 2 sub-interface removes the VLAN tags of single-tagged inner packets or the outer VLAN tags of double-tagged inner packets.
When setting the encapsulation type to untag for a Layer 2 sub-interface, note the following:
  • Ensure that the corresponding physical interface of the Layer 2 sub-interface does not have any configuration, and is removed from the default VLAN.
  • Untagged Layer 2 sub-interfaces can be configured only for Layer 2 physical interfaces and Eth-Trunk interfaces.
  • An interface can have only one untagged Layer 2 sub-interface configured.

qinq

A QinQ sub-interface receives only tagged packets with specified inner and outer VLAN tags.

  • When performing VXLAN encapsulation on packets, a QinQ sub-interface removes two VLAN tags from packets if the action of the Layer 2 sub-interface is set to removing two VLAN tags and maintains the VLAN tags of packets if the action of the Layer 2 sub-interface is not set to removing two VLAN tags.
  • When performing VXLAN decapsulation on packets, a QinQ sub-interface adds two specific VLAN tags to packets if the action of the Layer 2 sub-interface is set to removing two VLAN tags and maintain the VLAN tags of packets if the action of the Layer 2 sub-interface is not set to removing two VLAN tags.
When a Layer 2 sub-interface with the encapsulation type of default or QinQ transparent transmission (without the rewrite pop double command) is bound to a BD, this BD does not support IGMP snooping, DHCP snooping, VBDIF interfaces, or ARP broadcast suppression.
NOTE:

The traffic behavior for QinQ interfaces bound to the same BD must be the same. In a VXLAN networking, the traffic behavior for different devices' QinQ interfaces bound to the same BD must be the same.

If a QinQ Layer 2 sub-interface have an outer VLAN ID range or inner VLAN ID range, the rewrite pop double command cannot be configured on the interface.

The outer VLAN encapsulated for a Layer 2 QinQ sub-interface cannot be the same as the default VLAN and allowed VLAN of the corresponding Layer 2 main interface.

default

A default Layer 2 sub-interface receives all packets, irrespective of whether the packets carry VLAN tags.

When performing VXLAN encapsulation and decapsulation on packets, a default Layer 2 sub-interface does not process VLAN tags of the packets.

When setting the encapsulation type to default for a Layer 2 sub-interface, note the following:
  • Ensure that the interface for the Layer 2 sub-interface is not added to any VLAN.
  • Default Layer 2 sub-interfaces can be configured only for Layer 2 physical interfaces and Eth-Trunk interfaces.
  • If a default Layer 2 sub-interface is created for an interface, the interface cannot have other types of Layer 2 sub-interfaces configured.
NOTE:
When a sub-interface that is configured with dot1q and QinQ receives double-tagged VLAN packets, the QinQ sub-interface preferentially processes the packets. For example, if a dot1q and QinQ sub-interface carries the VLAN ID of 10 for dot1q and outer VLAN ID of 10 and inner VLAN ID of 20 for QinQ and receives a packet with the outer VLAN ID of 10 and inner VLAN ID of 20, the QinQ sub-interface preferentially processes the packet. If a dot1q and QinQ sub-interface carries the VLAN ID of 10 for dot1q and outer VLAN ID of 10 and inner VLAN ID of 20 for QinQ and receives a packet with the outer VLAN ID of 10 and inner VLAN ID of non-20, the dot1q sub-interface preferentially processes the packet.

If a VLAN is used as a service access point, it can be bound to a BD for data packets in the VLAN to be transmitted through this BD.

Configure a service access point on a Layer 2 gateway.

When the VXLAN service access point is a VLAN, the processing of packet receiving and sending is determined by the attribute of the interface that joins the VLAN, as shown in Table 8-4.
Table 8-4 Frame processing based on the port type

Port Type

Untagged Frame Processing

Tagged Frame Processing

Frame Transmission

Access port

Accepts an untagged frame and adds a tag with the default VLAN ID to the frame.

  • Accepts the tagged frame if the frame's VLAN ID matches the default VLAN ID.
  • Discards the tagged frame if the frame's VLAN ID differs from the default VLAN ID.

After the PVID tag is stripped, the frame is transmitted.

Trunk port

  • Adds a tag with the default VLAN ID to the untagged frame and then transmits it if the default VLAN ID is permitted by the port.

  • Adds a tag with the default VLAN ID to the untagged frame and then discards it if the default VLAN ID is denied by the port.
  • Accepts a tagged frame if the VLAN ID carried in the frame is permitted by the port.
  • Discards a tagged frame if the VLAN ID carried in the frame is denied by the port.
  • If the frame's VLAN ID matches the default VLAN ID and the VLAN ID is permitted by the port, the switch removes the tag and transmits the frame.
  • If the frame's VLAN ID differs from the default VLAN ID, but the VLAN ID is still permitted by the port, the switch will directly transmit the frame.

Hybrid port

  • Adds a tag with the default VLAN ID to an untagged frame and accepts the frame if the port permits the default VLAN ID.

  • Adds a tag with the default VLAN ID to an untagged frame and discards the frame if the port denies the default VLAN ID.
  • Accepts a tagged frame if the VLAN ID carried in the frame is permitted by the port.
  • Discards a tagged frame if the VLAN ID carried in the frame is denied by the port.

If the frame's VLAN ID is permitted by the port, the frame is transmitted. The port can be configured whether to transmit frames with tags.

QinQ port

QinQ ports are enabled with the IEEE 802.1 QinQ protocol. A QinQ port adds a tag to a single-tagged frame, and supports a maximum of 4094 x 4094 VLAN tags, which meets the requirement on the number of VLANs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bridge-domain bd-id

    A BD is created, and the BD view is displayed.

    By default, no BD is created.

  3. (Optional) Run description description

    A description is configured for the BD.

    By default, no description is configured for a BD.

  4. (Optional) Run split-horizon enable

    Configure split horizon in a Bridge Domain.

    By default, split horizon is disabled in a Bridge Domain.

    When different member interfaces use a BD to forward packets on a VXLAN, to minimize broadcast, member interfaces that do not need to communicate can be isolated. After the command is run, unicast, multicast, and broadcast traffic between different member interfaces in the BD is then isolated.

  5. Run quit

    Return to the system view.

  6. Configure a service access point.

    • Configure a VLAN as a service access point.
      NOTE:
      • After a VLAN is bound to a BD, you cannot create a VBDIF interface for the BD, and you cannot create a VLANIF interface for the VLAN either.
      • VLAN and BD use 1:1 mapping. That is, a VLAN can be bound to only one BD, and only one VLAN can be bound to a BD.
      • Binding a VLAN to a BD is exclusive with ARP broadcast suppression. After a VLAN is configured as a VXLAN service access point, do not configure ARP broadcast suppression.
      • After a VLAN is bound to a BD, the BD becomes the broadcast domain. Therefore, other service configurations such as DHCP Snooping and IGMP Snooping in the VLAN become invalid.
      1. Run bridge-domain bd-id

        The view of an existing BD is displayed.

      2. Run l2 binding vlan vlan-id

        A global VLAN is bound to the BD.

        By default, VLANs are not bound to any BD.

        NOTE:

        Before performing this step, ensure that a global VLAN has been created. After binding the global VLAN to the BD, add the related device interfaces to the VLAN.

      3. Run commit

        The configuration is committed.

    • Configure a Layer 2 sub-interface as a service access point.
      1. (Optional) Configure VXLAN access through Layer 2 sub-interfaces on STP networks.
        1. Run interface interface-type interface-number

          The interface view is displayed.

        2. Run loop-protect l2-subinterface enable

          Layer 2 sub-interfaces of the interface are enabled to inherit the blocked/forwarding status of the interface.

          By default, Layer 2 sub-interfaces do not inherit the blocked/forwarding status of the main interface.

          When Layer 2 sub-interfaces on legacy STP networks are used for VXLAN access, loops may occur on the STP networks. To prevent loops, run the loop-protect l2-subinterface enable command to enable Layer 2 sub-interfaces of an interface to inherit the blocked/forwarding status of the interface.

          Before running the loop-protect l2-subinterface enable command, configure STP on the interface.

        3. Run quit

          Return to the system view.

      2. Run interface interface-type interface-number.subnum mode l2

        A Layer 2 sub-interface is created, and the sub-interface view is displayed.

        By default, no Layer 2 sub-interface is created.

        NOTE:

        Before running this command, ensure that the Layer 2 interface for which a Layer 2 sub-interface is created does not have the port link-type dot1q-tunnel command configuration. If this configuration exists, run the undo port link-type command to delete the configuration.

      3. Run encapsulation { dot1q [ vid ce-vid ] | default | untag | qinq [ vid pe-vid ce-vid ce-vid ] }

        Or run encapsulation qinq vid low-pe-vid [ to high-pe-vid ] ce-vid low-ce-vid [ to high-ce-vid ]

        An encapsulation type is configured for the Layer 2 sub-interface.

        By default, no encapsulation type is configured for Layer 2 sub-interfaces.

        NOTE:

        You are advised to configure the same traffic encapsulation type on the devices at two ends of a tunnel.

        After IGMP snooping is enabled in a BD, the encapsulation type on the Layer 2 sub-interface bound to the BD cannot be changed.

      4. (Optional) Run rewrite pop double

        The sub-interface is enabled to remove double VLAN tags from received packets if the encapsulation type of the sub-interface is set to QinQ.

        By default, a Layer 2 sub-interface with the encapsulation type being QinQ is enabled to transparently transmit received packets.

      5. Run bridge-domain bd-id

        The Layer 2 sub-interface is added to a BD so that the sub-interface can transmit data packets through this BD.

        By default, Layer 2 sub-interfaces are not added to any BD.

        NOTE:

        After a Layer 2 sub-interface with the traffic encapsulation type set to default or qinq transparent transmission (without rewrite pop double) is added to a BD, you cannot create a VBDIF interface for the BD.

      6. Run commit

        The configuration is committed.

Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 30953

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next