SupportDocumentationSwitchesCampus SwitchS3700&S5700&S6700Reference GuidesCommand Reference

CloudEngine S3700, S5700 and S6700 V600R022C10 Command Reference

VXLAN Configuration Commands

VXLAN Configuration Commands

advertise l2vpn evpn (BGP multi-instance VPN instance IPv4 address family view)

Function

The advertise l2vpn evpn command enables a device to advertise IP routes from a VPN instance to its EVPN instance.

The undo advertise l2vpn evpn command restores the default configuration..

By default, a device is disabled from advertising IP routes from a VPN instance to its EVPN instance.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

advertise l2vpn evpn [ import-route-multipath ]

undo advertise l2vpn evpn [ import-route-multipath ]

Parameters

Parameter Description Value
import-route-multipath

Advertises all routes with the same destination address in a VPN instance to an EVPN instance.

-

Views

BGP multi-instance VPN instance IPv4 address family view

Default Level

2: Configuration level

Usage Guidelines

After VTEPs establish VXLAN tunnels through IP prefix routes, run the advertise l2vpn evpn command to enable a VTEP to advertise host routes from a VPN instance to its EVPN instance. The VTEP then sends host routes to the remote VTEP through the BGP EVPN peer relationship.

By default, the VPN instance local cross-route is not sent to the EVPN instance. To solve the problem of mutual access between different VRFs, you can enable the VPN instance to publish the local cross-connect function to the EVPN instance, and send the local cross-route collected by the VPN instance To the EVPN instance, and then send it to the remote device through the BGP EVPN peer relationship.

In BGP VPN multi-instance scenarios, routes cannot be locally leaked between BGP VPN instances. For example, if VRF1 is a common BGP VPN instance and VRF2 is a BGP VPN multi-instance, routes imported or remotely leaked to VRF1 cannot be locally leaked to VRF2.

Example

# Enable a device to advertise IP routes from VPN instance vpna to its EVPN instance.
<HUAWEI> system-view
[HUAWEI] ip vpn-instance vpna
[HUAWEI-vpn-instance-vpna] route-distinguisher 1:1
[HUAWEI-vpn-instance-vpna-af-ipv4] quit
[HUAWEI-vpn-instance-vpna] quit
[HUAWEI] bgp 100 instance evrf
[HUAWEI-bgp-instance-evrf] ipv4-family vpn-instance vpna
[HUAWEI-bgp-instance-evrf-vpna] advertise l2vpn evpn

advertise l2vpn evpn best-route valid-routes (BGP multi-instance VPN instance IPv4 address family view)

Function

The advertise l2vpn evpn valid-routes command enables a device to advertise only valid IP routes from a VPN instance to its EVPN instance.

The advertise l2vpn evpn best-route command enables a device to advertise only best IP routes from a VPN instance to its EVPN instance.

The undo advertise l2vpn evpn command restores the default configuration.

By default, a device is disabled from advertising IP routes from a VPN instance to its EVPN instance.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

advertise l2vpn evpn { best-route | valid-routes } [ import-route-multipath ]

undo advertise l2vpn evpn { best-route | valid-routes } [ import-route-multipath ]

Parameters

Parameter Description Value
import-route-multipath

Advertises all routes with the same destination address in a VPN instance to an EVPN instance.

-

Views

BGP multi-instance VPN instance IPv4 address family view

Default Level

2: Configuration level

Usage Guidelines

After VTEPs establish VXLAN tunnels through IP prefix routes, run the advertise l2vpn evpn command to enable a VTEP to advertise host routes from a VPN instance to its EVPN instance. The VTEP then sends host routes to the remote VTEP through the BGP EVPN peer relationship.

By default, the device advertises all routes in the BGP VPN routing table to the BGP EVPN routing table including invalid routes. To prevent advertising the invalid routes, you need to specify valid-routes parameter. If you want only optimal BGP VPN routes to be advertised to BGP EVPN routing table, specify best-route parameter.

To implement even load balancing, run the advertise l2vpn evpn command with the import-route-multipath parameter specified. This configuration allows the VPN instance to advertise all the routes with the same destination address to the EVPN instance.

By default, the VPN instance local cross-route is not sent to the EVPN instance. To solve the problem of mutual access between different VPN instances, you can enable the VPN instance to publish the local cross-connect function to the EVPN instance, and send the local cross-route collected by the VPN instance To the EVPN instance, and then send it to the remote device through the BGP EVPN peer relationship.

In BGP VPN multi-instance scenarios, routes cannot be locally leaked between BGP VPN instances. For example, if VRF1 is a common BGP VPN instance and VRF2 is a BGP VPN multi-instance, routes imported or remotely leaked to VRF1 cannot be locally leaked to VRF2.

Example

# Enable a device to advertise IP routes from VPN instance vpna to its EVPN instance.
<HUAWEI> system-view
[HUAWEI] ip vpn-instance vpna
[HUAWEI-vpn-instance-vpna] route-distinguisher 1:1
[HUAWEI-vpn-instance-vpna-af-ipv4] quit
[HUAWEI-vpn-instance-vpna] quit
[HUAWEI] bgp 100 instance evrf
[HUAWEI-bgp-instance-evrf] ipv4-family vpn-instance vpna
[HUAWEI-bgp-instance-evrf-vpna] advertise l2vpn evpn valid-routes

alarm-threshold route

Function

The alarm-threshold route command sets a threshold and log recovery percentage for the number of EVPN routes.

The undo alarm-threshold route command cancels the settings.

By default, the threshold and log recovery percentage for the number of EVPN routes are not configured.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

alarm-threshold route route-number [ recovery-percentage percentage ]

undo alarm-threshold route route-number [ recovery-percentage percentage ]

Parameters

Parameter Description Value
route-number

Specifies the threshold for the number of EVPN routes.

The value is an integer ranging from 1 to 4294967295.
recovery-percentage percentage

Specifies the log recovery percentage.

The value is an integer ranging from 1 to 95. After the threshold for the number of EVPN routes is set, the log recovery percentage is 80 by default.

Views

BGP-EVPN address family view,bgp-muli-instance-af-evpn view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a distributed VXLAN gateway is deployed, EVPN serves as the control plan to deliver routes. As more and more hosts access the gateway, routes stored on the control plane increase greatly, consuming a lot of memory resources. To better monitor the impact of an increase in route quantity on memory and prevent device restart caused by memory insufficiency, run the alarm-threshold route command to set a threshold for the number of routes. When the number of routes exceeds the threshold, a user log will be generated. When the number of routes equals the log recovery percentage, a recovery log will be generated.

Example

# Set a threshold and log recovery percentage for the number of EVPN routes.
<HUAWEI> system-view
[HUAWEI] bgp 100
[HUAWEI-bgp] l2vpn-family evpn
[HUAWEI-bgp-af-evpn] alarm-threshold route 10000 recovery-percentage 90

assign forward nvo3 udp src-port extend enable

Function

The assign forward nvo3 udp src-port extend enable command enables a device to use the extension mode to encapsulate the outer UDP source port number of VXLAN packets.

The undo assign forward nvo3 udp src-port extend enable command disables a device from using the extension mode to encapsulate the outer UDP source port number of VXLAN packets.

By default, the extension mode is not used when the device encapsulates the outer UDP source port number of VXLAN packets.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

assign forward nvo3 udp src-port extend enable

undo assign forward nvo3 udp src-port extend enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When a device encapsulates the outer header of a VXLAN packet, the UDP source port number is the value calculated using the hash algorithm for the inner packet. The source port number can be used for load balancing on the network. If load balancing based on the UDP source port number is not ideal, you are advised to run this command to set the calculation mode of the UDP source port number to extension mode to improve the load balancing effect on the entire network.

Example

# Enable the device to use the extension mode when encapsulating the outer UDP source port number of VXLAN packets.
<HUAWEI> system-view
[HUAWEI] assign forward nvo3 udp src-port extend enable

bridge-domain

Function

The bridge-domain command creates a bridge domain as a broadcast domain and displays the bridge domain view.

The undo bridge-domain command removes a bridge domain which is a broadcast domain.

By default, no bridge domain is created.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

bridge-domain bd-id

undo bridge-domain bd-id

Parameters

Parameter Description Value
bridge-domain bd-id

Specifies a BD ID.

The value is an integer ranging from 1 to 16777215.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A metro Ethernet network consists of the following broadcast domains:

  • Global virtual local area network (VLAN): a traditional broadcast domain that transmits Layer 2 services.In a metro Ethernet network, VLANs are used to prevent broadcast storms. A 12-bit VLAN tag defined in IEEE 802.1Q identifies a maximum of only 4096 VLANs, which is insufficient for a great number of users in the metro Ethernet. The 802.1Q in 802.1Q (QinQ) technology is developed to increase the number of VLAN tags.QinQ relieves the VLAN resource insufficiency but has its own drawback. If only QinQ is used to implement local switch services, the virtual private LAN service (VPLS) must be configured. QinQ cannot simultaneously provide the local switch service and Layer 3 packet termination service.
  • Virtual switching instance (VSI): a broadcast domain that transmits VPLS services.
  • A VSI is sold as a whole to a single user, and the user can plan VLANs and service traffic in the VSI.
  • VLANs over a VSI cannot be isolated, imposing traffic security risks. If various VLANs in a VSI have the same MAC address, the learned MAC entry is changed, which causes incorrect service forwarding.

    To resolve the preceding problems, EVC introduces the bridge domain as a broadcast domain. To create a bridge domain, run the bridge-domain command. Bridge domains provide the following functions:
  • Supports the VLAN and QinQ service local switch function. Allows different bridge domains to transmit traffic of the same VSI, and traffic in various bridge domains are distinguished using bridge domain IDs.
  • Each bridge domain is a broadcast domain, which implements broadcast domain isolation. MAC address learning is based on a specific bridge domain, which prevents MAC entry changes.

Precautions

Multiple bridge domains can be created on a device. Bridge domains are irrelevant to VLAN tags carried in packets.

Example

# Create a BD with ID 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10

bridge-domain (Layer 2 sub interface view)

Function

The bridge-domain command adds an EVC Layer 2 sub-interface to a bridge domain.

The undo bridge-domain command removes an EVC Layer 2 sub-interface from a bridge domain.

By default, no EVC Layer 2 sub-interface is added to a bridge domain.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

bridge-domain bd-id

undo bridge-domain

Parameters

Parameter Description Value
bridge-domain bd-id

Specifies a bridge domain ID.

The bd-id value is an integer ranging from 1 to 16777215.

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before a created bridge domain can forward service packets, a sub-interface must be added to the bridge domain using the bridge-domain command in a specific EVC Layer 2 sub-interface view.

Prerequisites

Before running the bridge-domain command in the EVC Layer 2 sub-interface view, complete the following tasks:

  1. Run the bridge-domain <bd-id> command in the system view to create a bridge domain.
  2. Run the interface <interface-type> <interface-number.subnum> mode l2 command in the system view to create an EVC Layer 2 sub-interface.

Example

# Add EVC Layer 2 sub-interface to bridge domain 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] quit
[HUAWEI] interface 10GE1/0/1.1 mode l2
[HUAWEI-10GE1/0/1.1] bridge-domain 10

description (Bridge domain view)

Function

The description command configures a bridge domain (BD) description.

The undo description command deletes a description of a bridge domain.

By default, no bridge domain description is configured.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

description description

undo description

Parameters

Parameter Description Value
description

Specifies a bridge domain description.

The value is a string of 1 to 80 case-sensitive characters, spaces supported.

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

You can run the bridge-domain bd-id command to configure multiple bridge domains to transmit various services. To describe each bridge domain, run the description command in a specific BD view. The description helps rapidly understand the bridge domain's function, which facilitates service management.

Example

# Configure the description VLAN for the bridge domain with ID 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] description VLAN

description (VNI peer view)

Function

The description command configures a description for a peer VXLAN tunnel.

The undo description command deletes the description configured for a peer VXLAN tunnel.

By default, no description is configured for a peer VXLAN tunnel.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

description desc

undo description [ desc ]

Parameters

Parameter Description Value
desc

Specifies a description for a peer VXLAN tunnel.

The value is a string of 1 to 64 case-sensitive characters, spaces supported.

Views

VNI peer view

Default Level

2: Configuration level

Usage Guidelines

To use the DHCP Option 82 function in a BD for security reasons, run the description command to configure different descriptions for different VXLAN tunnels. The descriptions carried in the Option 82 fields of DHCP packets help you determine through which VXLAN tunnel each user goes online.

Example

# Configure the description as VXLAN for a VXLAN tunnel with the VNI ID of 4096 and the peer IP address of 1.1.1.1.
<HUAWEI> system-view
[HUAWEI] vni 4096
[HUAWEI-vni4096] peer 1.1.1.1
[HUAWEI-vni4096-peer1.1.1.1] description VXLAN

display bridge-domain

Function

The display bridge-domain command displays bridge domain (BD) configurations.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display bridge-domain [ binding-info | bdid [ verbose | brief | binding-info ] ]

Parameters

Parameter Description Value
binding-info

Displays the binding information between BDs and VNIs, VSIs, and EVPN instances.

-
bdid

Displays information about a BD with a specified ID.

The value is an integer ranging from 1 to 16777215.
verbose

Displays detailed BD information.

-
brief

Displays brief BD information.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After BDs are configured on a device, to view BD information, run the display bridge-domain command. The command output contains bridge domain configurations. The command output helps verify the configuration and analyze faults.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display detailed configurations of BD 10.
<HUAWEI> display bridge-domain 10 verbose
Bridge-domain ID        : 10
  Description             : vni 5010
  State                   : Up
  MAC Learning            : Enable
  Statistics              : Disable
  Broadcast               : Forward
  Unknown-unicast         : Forward
  Unknown-multicast       : Forward
  Split-horizon           : Disable
  Vxlan Vni               : 5010
  VSI                     : 
  EVPN                    :
  ----------------
Interface                                State
  100GE1/0/1.1                           up
# Display the configurations of all BDs configured on a device.
<HUAWEI> display bridge-domain
The total number of bridge-domains is : 2
--------------------------------------------------------------------------------
MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
*down: Administratively down;  FWD: Forward;             DSD: Discard;
--------------------------------------------------------------------------------

BDID  State MAC-LRN STAT    BC  MC  UC  SPLIT   Description
--------------------------------------------------------------------------------
10    up    enable  enable  FWD FWD DSD disable VLAN
20    up    enable  disable FWD FWD FWD disable VLAN
# Display the configurations of BD 10 configured on a device.
<HUAWEI> display bridge-domain 10
--------------------------------------------------------------------------------
MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
*down: Administratively down;  FWD: Forward;             DSD: Discard;
U: Up;         D: Down;
--------------------------------------------------------------------------------

BDID         Ports                                                          
--------------------------------------------------------------------------------
10                                                                               

BDID  State MAC-LRN STAT    BC  MC  UC  SPLIT   Description
--------------------------------------------------------------------------------
10    down  enable  disable FWD FWD FWD disable                                 

BDID         VLANIDs                                                          
--------------------------------------------------------------------------------
10           1(D)
# Display the brief configurations of BD 10.
<HUAWEI> display bridge-domain 10 brief
--------------------------------------------------------------------------------
*down: Administratively down;           U:Up;            D:Down;
--------------------------------------------------------------------------------

BDID       State Ports
--------------------------------------------------------------------------------
10         up    Eth-Trunk1.10(U)              Eth-Trunk2.1(U)
# Display the binding information between BDs and VNIs, VSIs, and EVPN instances.
<HUAWEI> display bridge-domain binding-info
--------------------------------------------------------------------------------  
BDID     VNI      VSI              EVPN
--------------------------------------------------------------------------------
1        1                         vpntest1        
2        2                         vpntest2
3        3                         vpntest3
Table 2-771 Description of the display bridge-domain command output
Item Description
Bridge-domain ID

ID of each BD.

A BD can be configured using the bridge-domain bd-id command in the system view.
Description

Description of a BD.

To configure a bridge domain description, run the description command in the BD view.
State

BD status:

  • up: An EVC Layer 2 sub-interface is added to a BD, and the EVC Layer 2 sub-interface status is Up.
  • down: its meaning is as follows:
    • No EVC Layer 2 sub-interface is added to a BD.
    • An EVC Layer 2 sub-interface is added to a BD, and the EVC Layer 2 sub-interface status is Down.

A BD goes Up when at least one member interface in the BD is Up.
MAC Learning

Whether the MAC address learning function is enabled in a BD:

  • disable.
  • enable.
Statistics

Whether a device is enabled to collect statistics about packets transmitted in a BD:

  • disable.
  • enable.
Broadcast

Whether a device forwards broadcast packets in a BD:

  • FWD: The device forwards broadcast packets in a BD.
  • DSD: The device discards broadcast packets in a BD.
Unknown-unicast

Whether a device forwards unknown unicast packets in a BD:

  • FWD: The device forwards unknown unicast packets in a BD.
  • DSD: The device discards unknown unicast packets in a BD.
Unknown-multicast

Whether a device forwards multicast packets in a BD:

  • FWD: The device forwards multicast packets in a BD.
  • DSD: The device discards multicast packets in a BD.
Split-horizon

Whether split horizon is enabled in a BD:

  • disable.
  • enable.
Vxlan Vni

VNI bound to a BD.
VSI

VSI bound to a BD.
EVPN

EVPN instance bound to a BD.
Interface

Interface bound to the BD.
The total number of bridge-domains is

Total number of BDs configured on a device.
BDID

ID of each BD.

A BD can be configured using the bridge-domain bd-id command in the system view.
MAC-LRN

Whether the MAC address learning function is enabled in a BD:

  • disable.
  • enable.
STAT

Whether a device is enabled to collect statistics about packets transmitted in a BD:

  • disable.
  • enable.
BC

Whether a device forwards broadcast packets in a BD:

  • FWD: The device forwards broadcast packets in a BD.
  • DSD: The device discards broadcast packets in a BD.
MC

Whether a device forwards multicast packets in a BD:

  • FWD: The device forwards multicast packets in a BD.
  • DSD: The device discards multicast packets in a BD.
UC

Whether a device forwards unknown unicast packets in a BD:

  • FWD: The device forwards unknown unicast packets in a BD.
  • DSD: The device discards unknown unicast packets in a BD.
SPLIT

Whether split horizon is enabled in a BD:

  • disable.
  • enable.
Ports

The status of an EVC Layer 2 sub-interface in a BD can be:

  • UP: The data link layer protocol of the EVC Layer 2 sub-interface starts properly.
  • Down: The data link layer protocol of the EVC Layer 2 sub-interface starts is abnormal.
VLANIDs

ID of the VLAN bound to a BD.
VNI

VNI bound to a BD.

A VNI can be bound to a BD using the vxlan vni vni-id command in the BD view.

display bridge-domain statistics

Function

The display bridge-domain statistics command displays statistics about packets transmitted in a bridge domain (BD).

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display bridge-domain bd-id statistics

Parameters

Parameter Description Value
bd-id

Specifies a BD number.

The value is an integer ranging from 1 to 16777215.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To check traffic statistics of a BD when monitoring it, run the display bridge-domain statistics command. The command output helps locate faults.

Prerequisites

To ensure that the display bridge-domain statistics command displays valid statistics entries, you must have performed the following operations before running the display bridge-domain statistics command:

  • A BD has been created using the bridge-domain command in the system view.
  • Traffic statistics collection has been enabled for the BD using the statistics enable command in the BD view.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display packet statistics in bridge domain 10.
<HUAWEI> display bridge-domain 10 statistics
-------------------------------------------------------------------------------------------
Item                     Packets                       Bytes     Packets/s          Bytes/s
-------------------------------------------------------------------------------------------
Inbound                         0                          0             0                0
Outbound                        0                          0             0                0
-------------------------------------------------------------------------------------------
Table 2-772 Description of the display bridge-domain statistics command output
Item Description
Item

Inbound or outbound.
Packets

Packet numbers.
Bytes

Bytes.
Packets/s

Packets per second.
Bytes/s

Bytes per second.

display fwm vxlan statistics

Function

The display fwm vxlan statistics command displays VXLAN module statistics on a specified board.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display fwm vxlan { l2subif | bridge-domain | tunnel | evpn } statistics [ all ] slot slotid

Parameters

Parameter Description Value
l2subif

Specifies a Layer 2 sub-interface.

-
bridge-domain

Specifies a broadcast domain.

-
tunnel

Indicates the tunnel module.

-
evpn

Indicates the EVPN module.

-
all

Indicates all statistics.

-
slot slotid

Specifies the slot ID.

The value is a string of 1 to 49 case-sensitive characters, spaces not supported.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display fwm vxlan { l2subif | bridge-domain | tunnel | evpn } statistics [ all ] slot <slotid> command to check the delivery of each sub-service of the VXLAN module. This command displays statistics in a list. Each line indicates a piece of statistics.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display statistics about the VXLAN module on a specified board.
<HUAWEI> display fwm vxlan bridge-domain statistics slot 1
Id     Statistic description                    Counter           Last timestamp
--------------------------------------------------------------------------------
1      BD read bdentrystate                           1  04-27-2020 15:41:49.930
2      BD write bdentry                               4  04-27-2020 15:41:49.934
Table 2-773 Description of the display fwm vxlan statistics command output
Item Description
Id

Statistics counter ID.
Statistic description

Statistics counter description about a specific service.
Counter

Number of statistics counters.
Last timestamp

Last update time of the statistics counter.

display vxlan peer

Function

The display vxlan peer command displays ingress replication lists of a VNI or all VNIs.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display vxlan peer [ vni vni-id ]

Parameters

Parameter Description Value
vni vni-id

Specifies a VNI.

The value is an integer ranging from 1 to 16000000.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

If you want to check the VNI and source and destination IP address in an ingress replication list after a VXLAN is configured, run the display vxlan peer command. The command output helps you determine whether the VXLAN is correctly configured.

Precautions

Before running the display vxlan peer command, ensure that the specified VNI exists. Otherwise, the information obtained will be inapplicable.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display ingress replication lists of all VNIs.
<HUAWEI> display vxlan peer
Number of peers : 1
Vni ID    Source                  Destination            Type      Out Vni ID    Creation Mode
----------------------------------------------------------------------------------------------
1000      1.1.1.1                 2.2.2.2                static    1000          implicit
# Display ingress replication lists of the VNI with the ID of 1000.
<HUAWEI> display vxlan peer vni 1000
Number of peers : 1
Vni ID    Source                  Destination            Type      Out Vni ID    Creation Mode
----------------------------------------------------------------------------------------------
1000      1.1.1.1                 2.2.2.2                static    1000          implicit
Table 2-774 Description of the display vxlan peer command output
Item Description
Number of peers

Number of ingress replication lists.
Vni ID

VNI ID, which is configured using the vxlan vni vni-id command.
Source

Source VTEP's IP address, which can be configured using the source ip-address command.
Destination

IP address of the remote VTEP with the Type of static, which can be configured using the vni vni-id head-end peer-list command.
Type

Method for configuring an ingress replication list.

  • static: The ingress replication list is configured using the vni head-end peer-list command.
  • dynamic: The ingress replication list is dynamically generated by BGP after the vni head-end peer-list protocol bgp command is run.
Out Vni ID

Outbound VNI ID identifying a segment VXLAN tunnel.
Creation Mode

The creation mode of the ingress replication list:

-implicit: The creation mode of the ingress replication list is implicit.

-explicit: The creation mode of the ingress replication list is explicit.

display vxlan statistics

Function

The display vxlan statistics command displays VXLAN packet statistics.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display vxlan statistics source source-ip peer peer-ip vni vni-id

display vxlan statistics vni vni-id

display vxlan statistics source source-ip peer peer-ip

Parameters

Parameter Description Value
peer peer-ip

Displays VXLAN packet statistics collected based on the IP address of the peer virtualized edge node.

The value is in dotted decimal notation.
vni vni-id

Displays VXLAN packets statistics collected based on a specified VNI ID.

The value is an integer ranging from 1 to 16777215.
source source-ip

Displays VXLAN packets statistics collected based on the source IP address.

The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After you run the vxlan statistics enable command to enable VXLAN packet statistics collection in the NVE interface view, you can run the display vxlan statistics command to view packet statistics by VNI and VXLAN tunnel.

Precautions

Only traffic statistics collection for VNIs in interworking mode is supported.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display VXLAN packet statistics collected based on the VNI with the ID of 1.
<HUAWEI> display vxlan statistics vni 1
-------------------------------------------------------------------------------------------
Item                     Packets                       Bytes     Packets/s          Bytes/s
-------------------------------------------------------------------------------------------
Inbound            13,399,602,115          2,331,530,768,010       190,897       33,216,123
Outbound           10,821,560,506          1,864,696,688,120        42,986        7,479,634
-------------------------------------------------------------------------------------------
# Display VXLAN packet statistics collected based on the source IP address 1.1.1.1, and the IP address of the peer virtualized edge node as 1.1.1.2.
<HUAWEI> display vxlan statistics source 1.1.1.1 peer 1.1.1.2
-------------------------------------------------------------------------------------------
Item                     Packets                       Bytes     Packets/s          Bytes/s
-------------------------------------------------------------------------------------------
Inbound             1,766,628,190            306,970,426,564       190,948       33,225,118
Outbound              922,624,140            159,239,805,508        20,209        3,516,422
-------------------------------------------------------------------------------------------
# Display VXLAN packet statistics collected based on the source IP address 1.1.1.1, VNI with the ID of 1, and the IP address of the peer virtualized edge node as 1.1.1.2.
<HUAWEI> display vxlan statistics source 1.1.1.1 peer 1.1.1.2 vni 1
-------------------------------------------------------------------------------------------
Item                     Packets                       Bytes     Packets/s          Bytes/s
-------------------------------------------------------------------------------------------
Inbound             1,608,444,626            279,869,364,924       191,298       33,285,908
Outbound              922,508,265            159,219,643,258        20,246        3,522,820
-------------------------------------------------------------------------------------------
Table 2-775 Description of the display vxlan statistics command output
Item Description
Item

Statistical item.
Packets

Number of packets.
Bytes

Number of bytes.
Packets/s

Indicates the rate of packets.
Bytes/s

Indicates the rate of bytes.
0 unknown-unicast-drops

Number of discarded unknown unicast packets.
0 unknown-multicast-drops

Number of discarded unknown multicast packets.
0 broadcasts-drops

Number of discarded broadcast packets.

display vxlan troubleshooting

Function

The display vxlan troubleshooting command displays causes for VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display vxlan troubleshooting

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If a VXLAN tunnel goes Down or fails to be dynamically created, run the display vxlan troubleshooting command to check causes for fault locating.

This command can display causes for the recent five VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures at most.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display causes for the VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures.
<HUAWEI> display vxlan troubleshooting
Total counts: 2
--------------------------------------------------------------------------------
Sequence   Time                       Event Description                         
--------------------------------------------------------------------------------
1          2016-02-26 01:40:22        The VXLAN tunnel is down because the route
                                       to the source or destination address is u
                                      nreachable (SourceIpAddress=1.1.1.1, Desti
                                      nationIpAddress=2.2.2.2).                 
2          2016-02-26 01:40:22        The number of VXLAN tunnel exceeded the thr
                                      eshold (Threshold=16384). 
--------------------------------------------------------------------------------
Table 2-776 Description of the display vxlan troubleshooting command output
Item Description
Total counts

Number of VXLAN tunnel Down events and dynamic VXLAN tunnel establishment failures.
Sequence

Sequence number.
Time

Time when a VXLAN tunnel went Down or failed to be dynamically created.
Event Description

Cause for a VXLAN tunnel Down event or dynamic VXLAN tunnel establishment failure.

display vxlan tunnel

Function

The display vxlan tunnel command displays VXLAN tunnel information.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display vxlan tunnel [ tunnel-id ] [ verbose ]

Parameters

Parameter Description Value
tunnel-id

Specifies a VXLAN tunnel ID.

The value is an integer ranging from 1 to 4294967295.
verbose

Displays detailed VXLAN tunnel information.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After VXLAN tunnels are established, run the display vxlan tunnel command to check tunnel information. The command output helps verify configurations and locate faults.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display detailed VXLAN tunnel information.
<HUAWEI> display vxlan tunnel 4026531841 verbose
    Tunnel ID              : 4026531841
    Source                 : 1.1.1.1
    Destination            : 2.2.2.2
    State                  : up
    Type                   : static
    BypassVxlan            : true
    Uptime                 : 02:22:13
# Display VXLAN tunnel information.
<HUAWEI> display vxlan tunnel
Number of vxlan tunnel : 3
Tunnel ID   Source                Destination           State  Type          Uptime
----------------------------------------------------------------------------------------------------------
4026531844  1.1.1.1               2.2.2.2               up     static        03:12:33
4026531846  1.1.1.1               3.3.3.3               up     static        12:23:45
4026531847  1.1.1.1               4.4.4.4               down   static        -
Table 2-777 Description of the display vxlan tunnel command output
Item Description
Tunnel ID

VXLAN tunnel ID, which is automatically allocated after a VXLAN tunnel is established.
Source

VXLAN tunnel source IP address.
Destination

VXLAN tunnel destination IP address.
State

VXLAN tunnel status:

  • up: The tunnel is reachable.
  • down: The tunnel is unreachable.
Type

VXLAN tunnel type.

  • static: peer-list is statically configured.
  • dynamic: peer-list is dynamically learned by a routing protocol.
BypassVxlan

Indicates whether the bypass VXLAN tunnel exists:

  • true.
  • false.
Uptime

Period during which a VXLAN tunnel is Up.

  • If the period is less than 24 hours, the displayed format is hh:mm:ss, where hh, mm, and ss stand for hours, minutes, and seconds, respectively.
  • If the period is greater than 24 hours but less than 9999 hours, the displayed format is xxxxhxxm. For example, a period of 30 hours and 26 minutes is displayed as 0030h26m.
  • If the period is greater than 9999 hours, the number of hours is displayed as four asterisks (****). For example, a period of 10000 hours and 26 minutes is displayed as ****h26m.

If a hyphen (-) is displayed, the VXLAN tunnel is Down.
Number of vxlan tunnel

Number of VXLAN tunnels that have been established.

display vxlan vni

Function

The display vxlan vni command displays VXLAN configurations.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

display vxlan vni [ vni-id [ verbose ] ]

Parameters

Parameter Description Value
vni-id

Specifies a VNI ID.

The value is an integer ranging from 1 to 16777215.
verbose

Displays detailed configurations of the VXLAN with a specified VNI ID.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After a VXLAN is configured, to check the VNI status and BD to which the VNI is mapped, run the display vxlan vni command. The command output helps you determine whether the VXLAN is correctly configured.

Precautions

  • Before running the display vxlan vni command, ensure that the VNI exists on the device.
  • If both ingress replication and other replication modes are configured for the same VNI, the BUM packet forwarding mode in the command output is displayed as other replication modes.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display detailed configurations of the VXLAN with VNI 5010.
<HUAWEI> display vxlan vni 5010 verbose
    BD ID                  : 10
    State                  : up
    NVE                    : 1610612739
    Source Address         : 1.1.1.1
    Source IPv6 Address    : -
    UDP Port               : 4789
    BUM Mode               : head-end
    Group Address          : -
    Peer List              : 2.2.2.2 2.2.2.3
    IPv6 Peer List         : -
# Display VXLAN configurations.
<HUAWEI> display vxlan vni
Number of vxlan vni: 2
VNI            BD-ID            State
---------------------------------------
5010           10               up
5020           20               up
Table 2-778 Description of the display vxlan vni command output
Item Description
BD ID

ID of the BD to which a VNI is mapped.
State

VNI status:

  • up.
  • down.

The VNI status is Up only when the VXLAN tunnel corresponding to the VNI exists and is Up.

If the VNI status is Down, check whether the values of the Source and Peer List Destination fields in the command output are the same as those of the Source and Destination fields in the display vxlan tunnel command:

  • If they are different, the VXLAN tunnel corresponding to the specified VNI does not exist.

Run the source ip-address or vni <vni-id> head-end peer-list command to change the source or destination IP address of the VXLAN tunnel to ensure that the VXLAN tunnel exists.

  • If they are the same, collect related configuration information and contact technical support personnel.
NVE

NVE interface index, which is automatically generated when an NVE interface is created using the interface nve command. This index is used only for internal query.
Source Address

Source VTEP's IP address, which can be configured using the source ip-address command.
Source IPv6 Address

IPv6 address of the source VTEP.
IPv6 Peer List

IPv6 address of the remote VTEP.

When BUM Mode is flood-vtep replication or multicast replication, the field is not displayed in the command output.
UDP Port

Destination UDP port number, which is fixed at 4789.
BUM Mode

Broadcast, unknown unicast, and multicast mode.

head-end: A VXLAN tunnel forwards BUM packets using the ingress replication mode.

flood-vtep replication: A VXLAN tunnel forwards BUM packets using the centralized replication mode.

multicast replication: A VXLAN tunnel forwards BUM packets in multicast replication mode.
Group Address

Group address mode, which allows a VNI to use multicast replication to forward BUM packets.

This field displays as a hyphen (-) because multicast replication is not supported.
Peer List

IP address of a remote VTEP, which can be configured or changed using the vni <vni-id> head-end peer-list command.

This field is not displayed when BUM Mode is flood-vtep replication or multicast replication.

To view the centralized replication list containing IP addresses of the remote VTEPs, run the display vxlan flood-vtep command.
Number of vxlan vni

Number of VNIs configured.
VNI

VNI ID, which can be configured using the vxlan vni <vni-id> command.
BD-ID

BD ID associated with a VNI. It can be configured or modified using the bridge-domain <bd-id> command.

encapsulation default

Function

The encapsulation default command configures a Layer 2 sub-interface to receive packets with any encapsulation type by default.

The undo encapsulation default command disables a Layer 2 sub-interface from receiving packets with any encapsulation type by default.

By default, no encapsulation type is specified on an EVC Layer 2 sub-interface.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

encapsulation default

undo encapsulation default

Parameters

None

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A Layer 2 Ethernet can transmit untagged, single-tagged, and double-tagged packets. To enable an EVC Layer 2 sub-interface to transmit different types of packets, run the flow-encapsulation command to configure an encapsulation type for the EVC Layer 2 sub-interface. The encapsulation default command configures a Layer 2 sub-interface to receive packets with any encapsulation type by default. When packets cannot meet the requirements of other sub-interfaces, the packets are sent to the Layer 2 sub-interface.

Precautions

  • Each EVC Layer 2 sub-interface can be configured with only one encapsulation type. If traffic encapsulation has been configured on an EVC Layer 2 sub-interface and you want to change the encapsulation type, run the undo encapsulation command to delete the original encapsulation type.
  • After the encapsulation default command is run, the VLAN configured for the main interface does not take effect. To make the VLAN configuration take effect on an EVC Layer 2 sub-interface, clear the encapsulation configuration on the EVC Layer 2 sub-interface.

Example

# Enable the encapsulation type of the EVC Layer 2 sub-interface to default.
<HUAWEI> system-view
[HUAWEI] interface 10GE 1/0/1.1 mode l2
[HUAWEI-10GE1/0/1.1] encapsulation default

encapsulation dot1q

Function

The encapsulation dot1q command enables a Layer 2 sub-interface to receive packets with a specified 802.1Q tag.

The undo encapsulation dot1q command disables a Layer 2 sub-interface from receiving packets with a specified 802.1Q tag.

By default, no encapsulation type is specified on an EVC Layer 2 sub-interface.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

encapsulation dot1q [ vid low-pe-vid [ to high-pe-vid ] ]

undo encapsulation dot1q [ vid low-pe-vid [ to high-pe-vid ] ]

Parameters

Parameter Description Value
vid low-pe-vid

Specifies a VLAN ID for single-tagged packets to be received by an EVC Layer 2 sub-interface.

The value is an integer ranging from 1 to 4094.
to high-pe-vid

Specifies a range of VLAN IDs for single-tagged packets to be received by an EVC Layer 2 sub-interface. The parameters are as follows:

pevid2: specifies the end VLAN ID. pevid2 must be greater than or equal to pevid1. pevid2 and pevid1 define a range of VLAN IDs.

If you do not specify to pevid2, pevid1 specifies the single VLAN ID carried in packets.

If the command with the vid pevid1 [ to pevid2 ] parameter specified is run more than once, all configurations take effect.

The value is an integer ranging from 1 to 4094.

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A Layer 2 Ethernet can transmit untagged, single-tagged, and double-tagged packets. To enable an EVC Layer 2 sub-interface to transmit different types of packets, run the flow-encapsulation command to configure an encapsulation type for the EVC Layer 2 sub-interface. The encapsulation dot1q vid command configures a Layer 2 sub-interface to receive VLAN-encapsulated packets by default.

Precautions

Only a single encapsulation type can be specified on each EVC Layer 2 sub-interface. Before changing an encapsulation type, run the undo encapsulation command to delete the existing encapsulation type and run the encapsulation to specify an encapsulation type.

In a data transparent transmission scenario, dot1q or QinQ encapsulation is configured on an EVC Layer 2 sub-interface, and a range of VLAN IDs is specified for VLAN tags carried in packets. In this situation, traffic may be returned or dropped if the undo encapsulation dot1q vid low-pe-vid or undo encapsulation qinq vid pe-vid ce-vid low-ce-vid command is run to delete the existing encapsulation type with the smallest VLAN ID specified. To prevent problems, perform the following operations:

1.Run the shutdown command on the EVC Layer 2 sub-interface.

2.Run the undo encapsulation dot1q vid command to delete the minimum VLAN.

3.Run the undo shutdown command on the EVC Layer 2 sub-interface.

Example

# Enable the encapsulation type of the EVC Layer 2 sub-interface to dot1q.
<HUAWEI> system-view
[HUAWEI] interface 10GE 1/0/1.2 mode l2
[HUAWEI-10GE1/0/1.2] encapsulation dot1q vid 10
[HUAWEI-10GE1/0/1.2] encapsulation dot1q vid 100
[HUAWEI-10GE1/0/1.2] encapsulation dot1q vid 60
[HUAWEI-10GE1/0/1.2] encapsulation dot1q vid 5
Warning: Changing the smallest VLAN ID of the interface will temporarily affect services on the interface. Continue?[Y/N]:

encapsulation qinq

Function

The encapsulation qinq command enables a Layer 2 sub-interface to receive packets with a specified 802.1Q in 802.1Q tag.

The undo encapsulation qinq command disables a Layer 2 sub-interface from receiving packets with a specified 802.1Q in 802.1Q tag.

By default, no encapsulation type is specified on an EVC Layer 2 sub-interface.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

encapsulation qinq [ vid pe-vid [ to high-pe-vid ] ce-vid low-ce-vid [ to high-ce-vid ] ]

undo encapsulation qinq [ vid pe-vid [ to high-pe-vid ] ce-vid low-ce-vid [ to high-ce-vid ] ]

Parameters

Parameter Description Value
vid pe-vid

Specifies an outer VLAN ID for double-tagged packets to be received by an EVC Layer 2 sub-interface.

The value is an integer ranging from 1 to 4094.
to high-pe-vid

Specifies an outer VLAN ID for double-tagged packets to be received by an EVC Layer 2 sub-interface.

The value is an integer ranging from 1 to 4094.
to high-ce-vid

Specifies the inner VLAN ID in double-tagged packets to be received by an EVC Layer 2 sub-interface. cevid2 specifies the end VLAN ID. cevid2 must be greater than or equal to cevid1. cevid1 and cevid2 specify a VLAN range.

If to cevid2 is not specified, the VLAN ID carried in the tag of the received packet is the VLAN ID specified by cevid1.

If the cevid1 to cevid2 parameters are run more than once, all configurations take effect.

The value is an integer ranging from 1 to 4094.
low-ce-vid

Specifies a VLAN ID in the inner tag of double-tagged packets to be received by an EVC Layer 2 sub-interface.

The value is an integer ranging from 1 to 4094.

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a Layer 2 Ethernet network, packets may not carry VLAN Tags or carry one or two VLAN Tags. To enable different packets to be forwarded through different EVC Layer 2 sub-interfaces, run this command to configure different encapsulation modes for Layer 2 sub-interfaces of the EVC Layer 2 sub-interface. When two VLAN TAGs are carried, the packets can enter this interface if the preceding configurations are met.

Precautions

Only a single encapsulation type can be specified on each EVC Layer 2 sub-interface. Before changing an encapsulation type, run the undo encapsulation command to delete the existing encapsulation type and run the encapsulation to specify an encapsulation type.

In a data transparent transmission scenario, dot1q or QinQ encapsulation is configured on an EVC Layer 2 sub-interface, and a range of VLAN IDs is specified for VLAN tags carried in packets. In this situation, traffic may be returned or dropped if the undo encapsulation dot1q vid low-pe-vid or undo encapsulation qinq vid pe-vid ce-vid low-ce-vid command is run to delete the existing encapsulation type with the smallest VLAN ID specified. To prevent problems, perform the following operations:

1.Run the shutdown command on the EVC Layer 2 sub-interface.

2.Run the undo encapsulation qinq vid command to delete the minimum VLAN.

3.Run the undo shutdown command on the EVC Layer 2 sub-interface.

Example

# Enable the encapsulation type of the EVC Layer 2 sub-interface to qinq.
<HUAWEI> system-view
[HUAWEI] interface 10GE 1/0/1.3 mode l2
[HUAWEI-10GE1/0/1.3] encapsulation qinq vid 10 ce-vid 100

encapsulation untag

Function

The encapsulation untag command enables a Layer 2 sub-interface to receive untagged packets.

The undo encapsulation untag command disables a Layer 2 sub-interface from receiving untagged packets.

By default, no encapsulation type is configured on a Layer 2 sub-interface.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

encapsulation untag

undo encapsulation untag

Parameters

None

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To add packets that do not carry VLAN TAG, run the encapsulation untag command on the sub-interface. Each Layer 2 sub-interface can be configured with only one encapsulation type. If flow encapsulation has been configured on a Layer 2 sub-interface, you must run the undo encapsulation command to delete the original encapsulation type before changing the encapsulation type.

Configuration Impact

After the encapsulation untag command is run, the main interface cannot forward packets without VLAN tags.

After the encapsulation untag configuration is deleted, if VLAN-related configurations exist on the main interface, you need to re-perform the VLAN-related configurations on the main interface to make the configurations take effect.

Example

# Set the encapsulation type of the EVC Layer 2 sub-interface to untagged.
<HUAWEI> system-view
[HUAWEI] interface 10GE 1/0/1.1 mode l2
[HUAWEI-10GE1/0/1.1] encapsulation untag

hub-mode enable

Function

The hub-mode enable command sets the access side mode to hub.

The undo hub-mode enable command cancels the hub mode on the access side.

By default, the access side mode is not set to hub.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

hub-mode enable

undo hub-mode enable

Parameters

None

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,VLAN range view,VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a VXLAN network, users connected to the same BD can directly communicate with each other. If access-side user isolation is configured using the isolate enable command in the BD view, to allow users connected to the BD through a VLAN or Layer 2 sub-interface to communicate with other users in the BD, run this command in the VLAN or Layer 2 sub-interface view to set the access-side mode to hub.

On a VXLAN network, users in the same BD can directly communicate with each other. If unidirectional isolation from the access side to the tunnel side is configured in a BD using the isolate remote enable command in the BD view, to allow users connected to the BD through a VLAN or Layer 2 sub-interface to communicate with the tunnel side, run this command in the VLAN or Layer 2 sub-interface view to set the access-side mode to hub.

Prerequisites

If the VLAN access mode is set to hub, the VLAN has been bound to a BD using the l2 binding vlan command.

Example

# Set the access side mode of VLAN 10 to hub.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] l2 binding vlan 10
[HUAWEI] vlan 10
[HUAWEI-vlan10] hub-mode enable
# Set the access-side mode of Layer 2 sub-interface 10GE1/0/1.1 to hub.
<HUAWEI> system-view
[HUAWEI] interface 10GE1/0/1.1 mode l2
[HUAWEI-10GE1/0/1.1] hub-mode enable

irb-reoriginate irb2ip

Function

The irb-reoriginate irb2ip enable command allows IRB/IRBv6 routes to be re-generated as IP prefix routes.

The undo irb-reoriginate irb2ip enable command restores the default configuration.

By default, IRB/IRBv6 routes can be regenerated as ARP/ND routes only.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

irb-reoriginate irb2ip { enable }

undo irb-reoriginate irb2ip { enable }

Parameters

None

Views

VPN instance IPv4 address family view,VPN instance IPv6 address family view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, after the route regeneration function is enabled, IRB/IRBv6 routes can be regenerated as ARP/ND routes only. To allow IRB/IRBv6 routes to be regenerated as IP prefix routes for Layer 3 forwarding, run the irb-reoriginate irb2ip enable command.

Example

# Enable a device to regenerate IRB routes as IP prefix routes.
<HUAWEI> system-view
[HUAWEI] ip vpn-instance vpna
[HUAWEI-vpn-instance-vpna] ipv4-family
[HUAWEI-vpn-instance-vpna-af-ipv4] route-distinguisher 1:1
[HUAWEI-vpn-instance-vpna-af-ipv4] irb-reoriginate irb2ip enable

irb-reoriginated without-bridge-domain disable(Global EVPN configuration view)

Function

The irb-reoriginated without-bridge-domain disable command disables the IRB route re-generation function when BDs are not configured.

The undo irb-reoriginated without-bridge-domain disable command restores the default configuration.

By default, the function to re-originate IRB routes when no BD is configured is enabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

irb-reoriginated without-bridge-domain disable

undo irb-reoriginated without-bridge-domain disable

Parameters

None

Views

Global EVPN configuration view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a scenario where segment VXLAN is used for DCI, if DC edge devices (border leaf nodes) do not support BDs, the devices without BD configuration can re-generate IRB routes by default to establish an inter-DC VXLAN tunnel. If edge devices support BDs, to prevent repeat IRB route re-generation, run the evpn command in the system view to display the global EVPN view and then run the irb-reoriginated without-bridge-domain disable command to disable the default IRB route re-generation function when BDs are not configured.

Example

# Disable a device from re-originating IRB routes when no BD is configured.
<HUAWEI> system-view
[HUAWEI] evpn
[HUAWEI-evpn] irb-reoriginated without-bridge-domain disable

irb-reoriginated without-split-group disable(Global EVPN configuration view)

Function

The irb-reoriginated without-split-group disable command disables the function to advertise re-originated IRB routes without being restricted by a split horizon group (SHG).

The undo irb-reoriginated without-split-group disable command restores the default configuration.

By default, re-originated IRB routes are advertised without being restricted by an SHG.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

irb-reoriginated without-split-group disable

undo irb-reoriginated without-split-group disable

Parameters

None

Views

Global EVPN configuration view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In scenarios where segment VXLAN tunnels are used to implement DC interconnections, to prevent forwarding BUM traffic from causing a loop during Layer 2 interconnection, BGP EVPN peer-based SHG is introduced. If no BGP EVPN peer-based SHGs are specified (using the peer split-group command) on transit leaf nodes (edge devices interconnecting DCs), all BGP EVPN peers belong to the default system SHG. In this case, after a transit leaf node re-originates IRB routes received from an intra-DC device, the transit leaf node cannot advertise the re-originated IRB routes to the peer DC's transit leaf node because the transit leaf nodes both belong to the default system SHG. As a result, Layer 3 traffic forwarding is affected.

To prevent this problem, a device advertises re-originated IRB routes without being restricted by an SHG by default. If SHGs are specified for all BGP EVPN peers on transit leaf nodes, to disable the function to advertise re-originated IRB routes without being restricted by an SHG, run the irb-reoriginated without-split-group disable command.

Example

# Disable the function to advertise re-originated IRB routes without being restricted by an SHG.
<HUAWEI> system-view
[HUAWEI] evpn
[HUAWEI-evpn] irb-reoriginated without-split-group disable

isolate enable

Function

The isolate enable command enables isolation of users connected to an access-side BD.

The undo isolate enable command disables isolation of users connected to an access-side BD.

By default, isolation of users connected to an access-side BD is disabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

isolate enable

undo isolate enable

Parameters

None

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

In a VXLAN, users connected to the same BD can communicate. To isolate users connected to a BD, you can run the isolate enable command.

Example

# Enables isolation of users connected to BD 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] isolate enable

isolate remote enable

Function

The isolate remote enable command configures unidirectional isolation from the access side to the tunnel side in a BD.

The undo isolate remote enable command disables unidirectional isolation from the access side to the tunnel side in a BD.

By default, unidirectional isolation from the access side to the tunnel side is disabled in a BD.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

isolate remote enable

undo isolate remote enable

Parameters

None

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

On a VXLAN network, users in the same BD can directly communicate with each other. To isolate unidirectional traffic from the access side to the tunnel side in a BD, run this command in the BD view.

Example

# Configure isolation from the access side to the tunnel side in BD 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] isolate remote enable

l2 binding vlan

Function

The l2 binding vlan command binds a VLAN to a BD.

The undo l2 binding vlan command cancels the binding relationship between a VLAN and a BD.

By default, a VLAN is not bound to a BD.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

l2 binding vlan vlan-id

undo l2 binding vlan vlan-id

Parameters

Parameter Description Value
vlan-id

Specifies a VLAN ID.

The value is an integer ranging from 1 to 4094.

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On the VXLAN network, you need to configure VXLAN service access points on a VXLAN network edge node. After you run the l2 binding vlan command to bind a VLAN to a BD. The interfaces added to the VLAN become VXLAN service access points.

Prerequisites

The VLAN to be bound to the BD has been created.

The default VLAN, MAC-VLAN, IP-VLAN, protocol-VLAN, and management-VLAN cannot be bound to a BD.

Precautions

After a VLAN is bound to a BD, you cannot create a VLANIF interface for the VLAN either.

Enable Layer 2 proxy ARP is exclusive with Binding a VLAN to a BD. After a VLAN is configured as a VXLAN service access point, do not configure ARP Layer 2 proxy.

After a VLAN is bound to a BD, the BD becomes the broadcast domain. Therefore, other service configurations in the VLAN become invalid.

Example

# Bind VLAN 10 to BD 10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] l2 binding vlan 10

mac rib-only

Function

The mac rib-only command disables a device from delivering a MAC entry for a remote MAC route.

The undo mac rib-only command restores the default configuration.

By default, a device delivers MAC entries for remote MAC routes.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

mac rib-only

undo mac rib-only

Parameters

None

Views

EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a VXLAN Layer 3 gateway scenario, if Layer 2 unicast traffic forwarding is not involved, run the mac rib-only command to disable a device from delivering a MAC entry to its local MAC address table after it receives a VNI-based MAC route from the EVPN peer. This configuration saves forwarding entry resources.

Example

# Disable a device from delivering a local MAC entry for a received remote MAC route.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] evpn
[HUAWEI-bd10-evpn] mac rib-only

mac-address (NVE interface view)

Function

The mac-address command configures a MAC address for an NVE interface.

The undo mac-address command restores the default MAC address of an NVE interface.

By default, MAC address of an NVE interface is a system MAC address.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

mac-address macaddr

undo mac-address [ macaddr ]

Parameters

Parameter Description Value
macaddr

Specifies the MAC address of an NVE interface.

The value is in the H-H-H format. H is a 4-bit hexadecimal number, such as 00e0 or fc01. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0. The MAC address cannot be set to FFFF-FFFF-FFFF.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

When BGP EVPN is deployed between distributed VXLAN gateways, you need to configure the same VTEP MAC address for the two devices that provide dual-active VXLAN access. In this way, gateways on the VXLAN network can forward traffic properly.

Example

# Set the MAC address of an NVE interface to 00e0-fc12-3456.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] mac-address 00e0-fc12-3456

mac-address static (System view)

Function

The mac-address static vni command configures a static MAC address entry for a VXLAN tunnel.

The undo mac-address static vni command deletes a static MAC address entry of a VXLAN tunnel.

By default, no static MAC address entry is configured for any VXLAN tunnel.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

mac-address static mac-address bridge-domain bd-id source source-ip-address peer peer-ip vni vni-id

undo mac-address static mac-address bridge-domain bd-id [ [ source source-ip-address ] [ peer peer-ip ] [ vni vni-id ] ]

Parameters

Parameter Description Value
mac-address

Specifies a destination MAC address.

The value is a 12-digit hexadecimal number, in the format of H-H-H. Each H is 4 digits. If an H contains fewer than 4 digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0. The MAC address cannot be set to FFFF-FFFF-FFFF or a multicast address starting with 01.
bridge-domain bd-id

Specifies the ID of a BD to which a VNI is to be mapped.

The value is an integer ranging from 1 to 16777215.
source source-ip-address

Specifies the IP address of a local VTEP.

The value is in dotted decimal notation.
peer peer-ip

Specifies an IP address for a remote VTEP.

The value is in dotted decimal notation.
vni vni-id

Specifies a VNI ID.

The default type is UINT32, and the maximum value range is 1-4294967295. The system automatically obtains the value range according to the actual situation.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After the source NVE on a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, the local VTEP sends a copy of the BUM packets to every VTEP in the ingress replication list with the same VNI. To reduce the volume of broadcast traffic, run the mac-address static vni command to configure a static MAC entry for forwarding traffic. This configuration also prevents unauthorized data access, enhancing network security.

Example

# Configure a static MAC address entry with the destination MAC address of e0-fc-12 for a VXLAN tunnel.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] vxlan vni 5000
[HUAWEI-bd10] quit
[HUAWEI] interface nve 1
[HUAWEI-Nve1] source 1.1.1.1
[HUAWEI-Nve1] vni 5000 head-end peer-list 2.2.2.2
[HUAWEI-Nve1] quit
[HUAWEI] mac-address static e0-fc-12 bridge-domain 10 source 1.1.1.1 peer 2.2.2.2 vni 5000

peer (VNI view)

Function

The peer command creates and displays the VNI peer view.

The undo peer command deletes the configured VNI peer view.

By default, no VNI peer view is created.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

peer peerIp

undo peer peerIp

Parameters

Parameter Description Value
peerIp

Specifies the IP address of a peer network virtualization edge.

The address is in dotted decimal notation.

Views

VNI view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To set attributes for a specified peer VNI in the VNI peer view, run the peer command to create and display the VNI peer view.

Follow-up Procedure

Run the description command to configure a description for a peer VXLAN tunnel.

Example

# Create the VNI peer view with the VNI ID of 4096 and the peer IP address of 1.1.1.1.
<HUAWEI> system-view
[HUAWEI] vni 4096
[HUAWEI-vni4096] peer 1.1.1.1

peer advertise route-reoriginated evpn (BGP multi-instance EVPN view)

Function

The peer advertise route-reoriginated evpn command enables a device to re-encapsulate EVPN routes and then advertise them to BGP EVPN peers.

The undo peer advertise route-reoriginated evpn command restores the default configuration.

By default, a device does not re-encapsulate EVPN routes or advertise regenerated EVPN routes to BGP EVPN peers.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

peer peerIpv4Addr advertise route-reoriginated evpn { mac-ip | mac | ip | mac-ipv6 | ipv6 }

undo peer peerIpv4Addr advertise route-reoriginated evpn { mac-ip | mac | ip | mac-ipv6 | ipv6 }

Parameters

Parameter Description Value
peerIpv4Addr

Specifies the IPv4 address of a BGP EVPN peer.

The value is in dotted decimal notation.
mac-ip

Re-encapsulates the IRB or ARP routes in the received EVPN routes.

-
mac

Re-encapsulates the MAC routes in the received EVPN routes.

-
ip

Re-encapsulates the IP prefix routes in the received EVPN routes.

-
mac-ipv6

Re-encapsulates the IRBv6 or ND routes in received EVPN routes.

-
ipv6

Re-encapsulates received IPv6 prefix routes.

-

Views

bgp-muli-instance-af-evpn view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a segment VXLAN scenario for DCI, to allow VMs in different DCs to communicate with each other, run the peer advertise route-reoriginated command on a DC edge device connecting to a carrier backbone network. The edge device then re-encapsulates the EVPN routes received from one DC and sends them to BGP EVPN peers in another DC.

After receiving an EVPN route from a DC, an edge leaf node re-encapsulates the EVPN route as follows: Modifies the next hop address of the EVPN route as its own VTEP address, replaces the source MAC address (functioning as the gateway MAC address) of the host route contained in the EVPN route with its own MAC address, and replaces the L3VNI in the EVPN route with the L3VNI in the edge leaf's L3VPN instance.

Prerequisites

The device has been enabled to add a regeneration flag to the routes received from BGP EVPN peers using the peer ipv4-address import reoriginate command.

Example

# Enable a device to advertise regenerated IRB or ARP routes to a BGP EVPN peer.
<HUAWEI> system-view
[HUAWEI] bgp 100 instance evrf
[HUAWEI-bgp-instance-evrf] peer 1.1.1.1 as-number 100
[HUAWEI-bgp-instance-evrf] l2vpn-family evpn
[HUAWEI-bgp-instance-evrf-af-evpn] peer 1.1.1.1 enable
[HUAWEI-bgp-instance-evrf-af-evpn] peer 1.1.1.1 import reoriginate
[HUAWEI-bgp-instance-evrf-af-evpn] peer 1.1.1.1 advertise route-reoriginated evpn mac-ip

peer advertise route-reoriginated evpn (BGP multi-instance EVPN view) (group)

Function

The peer advertise route-reoriginated evpn command enables a device to re-encapsulate EVPN routes and then advertise them to BGP EVPN peers.

The undo peer advertise route-reoriginated evpn command restores the default configuration.

By default, a device does not re-encapsulate EVPN routes or advertise regenerated EVPN routes to BGP EVPN peers.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

peer peerGroupName advertise route-reoriginated evpn { mac-ip | mac | ip | mac-ipv6 | ipv6 }

undo peer peerGroupName advertise route-reoriginated evpn { mac-ip | mac | ip | mac-ipv6 | ipv6 }

Parameters

Parameter Description Value
peerGroupName

Specifies the name of a BGP EVPN peer group.

The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
mac-ip

Re-encapsulates the IRB or ARP routes in the received EVPN routes.

-
mac

Re-encapsulates the MAC routes in the received EVPN routes.

-
ip

Re-encapsulates the IP prefix routes in the received EVPN routes.

-
mac-ipv6

Re-encapsulates the IRBv6 or ND routes in received EVPN routes.

-
ipv6

Re-encapsulates received IPv6 prefix routes.

-

Views

bgp-muli-instance-af-evpn view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a segment VXLAN scenario for DCI, to allow VMs in different DCs to communicate with each other, run the peer advertise route-reoriginated command on a DC edge device connecting to a carrier backbone network. The edge device then re-encapsulates the EVPN routes received from one DC and sends them to BGP EVPN peers in another DC.

After receiving an EVPN route from a DC, an edge leaf node re-encapsulates the EVPN route as follows: Modifies the next hop address of the EVPN route as its own VTEP address, replaces the source MAC address (functioning as the gateway MAC address) of the host route contained in the EVPN route with its own MAC address, and replaces the L3VNI in the EVPN route with the L3VNI in the edge leaf's L3VPN instance.

Prerequisites

The device has been enabled to add a regeneration flag to the routes received from BGP EVPN peers using the peer group-name import reoriginate command.

Example

# Enable a device to advertise regenerated IRB or ARP routes to a BGP EVPN peer group.
<HUAWEI> system-view
[HUAWEI] bgp 100 instance evrf
[HUAWEI-bgp-instance-evrf] group gp1
[HUAWEI-bgp-instance-evrf] peer 1.1.1.1 group gp1
[HUAWEI-bgp-instance-evrf] peer 2.2.2.2 group gp1
[HUAWEI-bgp-instance-evrf] l2vpn-family evpn
[HUAWEI-bgp-instance-evrf-af-evpn] peer gp1 enable
[HUAWEI-bgp-instance-evrf-af-evpn] peer gp1 import reoriginate
[HUAWEI-bgp-instance-evrf-af-evpn] peer gp1 advertise route-reoriginated evpn mac-ip

peer import reoriginate (BGP multi-instance EVPN view)

Function

The peer import reoriginate command enables a device to add a regeneration flag to the routes received from BGP multi-instance EVPN peers.

The undo peer import reoriginate command restores the default configuration.

By default, a device does not add a regeneration flag to the routes received from BGP multi-instance EVPN peers.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

peer peerIpv4Addr import reoriginate

undo peer peerIpv4Addr import reoriginate

Parameters

Parameter Description Value
peerIpv4Addr

Specifies the IPv4 address of a BGP EVPN peer.

The value is in dotted decimal notation.

Views

bgp-muli-instance-af-evpn view

Default Level

2: Configuration level

Usage Guidelines

DCI enables inter-DC VM communication. It uses technologies, such as VXLAN and BGP EVPN, to securely and reliably transmit packets from DCs over carrier networks.

In a segment VXLAN scenario for DCI, an edge node that connects to a carrier network does not re-encapsulate the routes received from BGP EVPN peers, causing the EVPN routes to be terminated on the edge node. As a result, the EVPN routes from one DC cannot be advertised to the BGP EVPN peers of another DC. To address this problem, run the peer import reoriginate command to enable the edge node to add a regeneration flag to the routes received from BGP EVPN peers. The edge node then re-encapsulates the EVPN routes received from one DC before sending them to another DC for inter-DC VM communication.

Example

# Configure the device to add the regeneration flag to the routes to be received from a BGP multi-instance EVPN peer.
<HUAWEI> system-view
[HUAWEI] bgp 100 instance evrf
[HUAWEI-bgp-instance-evrf] peer 1.1.1.1 as-number 100
[HUAWEI-bgp-instance-evrf] l2vpn-family evpn
[HUAWEI-bgp-instance-evrf-af-evpn] peer 1.1.1.1 enable
[HUAWEI-bgp-instance-evrf-af-evpn] peer 1.1.1.1 import reoriginate

peer import reoriginate (BGP multi-instance EVPN view) (group)

Function

The peer import reoriginate command enables a device to add a regeneration flag to the routes received from BGP EVPN peers.

The undo peer import reoriginate command restores the default configuration.

By default, a device does not add a regeneration flag to the routes received from BGP EVPN peers.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

peer peerGroupName import reoriginate

undo peer peerGroupName import reoriginate

Parameters

Parameter Description Value
peerGroupName

Specifies the name of a BGP EVPN peer group.

The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

bgp-muli-instance-af-evpn view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

DCI enables inter-DC VM communication. It uses technologies, such as VXLAN and BGP EVPN, to securely and reliably transmit packets from DCs over carrier networks.

In a segment VXLAN scenario for DCI, an edge node that connects to a carrier network does not re-encapsulate the routes received from BGP EVPN peers, causing the EVPN routes to be terminated on the edge node. As a result, the EVPN routes from one DC cannot be advertised to the BGP EVPN peers of another DC. To address this problem, run the peer import reoriginate command to enable the edge node to add a regeneration flag to the routes received from BGP EVPN peers. The edge node then re-encapsulates the EVPN routes received from one DC before sending them to another DC for inter-DC VM communication.

Example

# Enable a device to add a regeneration flag to the routes received from BGP EVPN peer group.
<HUAWEI> system-view
[HUAWEI] bgp 100 instance evrf
[HUAWEI-bgp-instance-evrf] group gp1
[HUAWEI-bgp-instance-evrf] peer 1.1.1.1 group gp1
[HUAWEI-bgp-instance-evrf] peer 2.2.2.2 group gp1
[HUAWEI-bgp-instance-evrf] l2vpn-family evpn
[HUAWEI-bgp-instance-evrf-af-evpn] peer gp1  enable
[HUAWEI-bgp-instance-evrf-af-evpn] peer gp1 import reoriginate

pip-source peer bypass

Function

The pip-source peer bypass command configures a static bypass VXLAN tunnel.

The undo pip-source peer bypass command deletes a static bypass VXLAN tunnel.

By default, no bypass vxlan tunnel is configured.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

pip-source src-ip peer peer-ip bypass

undo pip-source src-ip peer peer-ip bypass

Parameters

Parameter Description Value
src-ip

Specifies the source IP address of a bypass VXLAN tunnel.

The value is in dotted decimal notation.
peer-ip

Specifies the peer IP address of a bypass VXLAN tunnel.

The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

In a VXLAN scenario with M-LAG configured, if one user-side link fails, service traffic is transmitted through the peer-link between the M-LAG devices. In this scenario, the pip-source peer bypass command must berun on M-LAG devices to create a static bypass VXLAN tunnel to divert traffic to the peer-link.

Example

# Configure a source address and a peer address for a static bypass VXLAN tunnel.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] pip-source 1.1.1.1 peer 2.2.2.2 bypass

qos phb marking dscp disable

Function

The qos phb marking dscp disable command disables the mapping of the inner priority to the outer DSCP priority of VXLAN packets.

The undo qos phb marking dscp disable command enables the mapping of the inner priority to the outer DSCP priority of VXLAN packets.

By default, the mapping of the inner priority to the outer DSCP priority of VXLAN packets is enabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

qos phb marking dscp disable

undo qos phb marking dscp disable

Parameters

None

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

By default, when a packet enters a VXLAN tunnel, the 802.1p or DSCP priority of the original packet is mapped to the internal priority. When VXLAN encapsulation is performed, the outer DSCP priority is 0. When the mapping of PHBs to DSCP priorities is enabled for outgoing packets on an Ethernet interface, the internal priority is mapped to the outer DSCP priority. In this case, the outer DSCP priority of the encapsulated packet may be different from the DSCP priority of the original packet.

If the outer DSCP priority of the VXLAN packet needs to be the same as the DSCP priority of the original packet after VXLAN encapsulation is performed, you can disable the mapping of the inner priority to the outer DSCP priority of VXLAN packets. In this way, the DSCP priority of the original packet is copied as the outer DSCP priority of the VXLAN packet during VXLAN encapsulation, ensuring that the two DSCP priorities are the same.

Example

# Disable the mapping of the inner priority to the outer DSCP priority of VXLAN packets.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] qos phb marking dscp disable

reserved for vxlan bypass

Function

The reserved for vxlan bypass command configures the IPv4 address of the VLANIF interface for a peer-link interface as a dedicated address for the bypass VXLAN tunnel.

The undo reserved for vxlan bypass command restores the default configuration.

By default, the IPv4 address of the VLANIF interface for a peer-link interface is not specified as a dedicated address for the bypass VXLAN tunnel, and a consistency check is performed to determine whether the VLANIF interface addresses on the M-LAG master and backup devices are the same.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

reserved for vxlan bypass

undo reserved for vxlan bypass

Parameters

None

Views

VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

In a scenario where a server is dual-homed to a VXLAN network through an M-LAG, a static bypass VXLAN tunnel must be configured between the M-LAG member devices to divert service traffic to the peer-link.

If the **consistency-check enable mode ** command is run on M-LAG member devices to enable M-LAG configuration consistency check, the VLANIF interfaces configurations on the peer-link interfaces of the master and backup M-LAG member devices are checked. If the configurations are inconsistent, an alarm is reported.

If you run this command to specify the IPV4 address of the VLANIF interface for a peer-link interface to be used only by the bypass VXLAN tunnel, the check criteria for VLANIF interface configuration consistency change accordingly. Specifically, if the IPV4 address and MAC address of the corresponding VLANIF interfaces on the M-LAG master and backup devices are the same, an alarm is reported.

Example

# Configure the IPv4 address of VLANIF 100 as a dedicated address for the bypass VXLAN tunnel.
<HUAWEI> system-view
[HUAWEI] interface Vlanif 100
[HUAWEI-Vlanif100] reserved for vxlan bypass

reset bridge-domain statistics

Function

The reset bridge-domain statistics command clears traffic statistics of a BD.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

reset bridge-domain bd-id statistics

Parameters

Parameter Description Value
bd-id

Specifies the ID of a bridge domain.

The value is an integer

ranging from 1 to 16777215.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before you collect traffic statistics within a specified period for a BD, run the reset bridge-domain statistics command to clear existing statistics so that traffic statistics can be collected again, ensuring that the statistics are correct.

Prerequisites

A bridge domain has been created using the bridge-domain command.

Precautions

Traffic statistics of a BD are cleared and cannot be restored. Exercise caution when running the reset bridge-domain statistics command.

Example

# Clear packet statistics in bridge domain 10.
<HUAWEI> reset bridge-domain 10 statistics

reset fwm vxlan statistics

Function

The reset fwm vxlan statistics command resets VXLAN module statistics on a specified board.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

reset fwm vxlan { l2subif | bridge-domain | tunnel | evpn } statistics [ all ] slot slotid

Parameters

Parameter Description Value
l2subif

Specifies a Layer 2 sub-interface.

-
bridge-domain

Specifies a broadcast domain.

-
tunnel

Indicates the tunnel module.

-
evpn

Indicates the EVPN module.

-
all

Indicates all statistics.

-
slot slotid

Specifies the slot ID.

The value is a string of 1 to 49 case-sensitive characters, spaces not supported.

Views

All views

Default Level

2: Configuration level

Usage Guidelines

You can run the reset fwm vxlan statistics command to clear statistics about each subservice of the VXLAN module on <slotid>.

Example

# Reset statistics about the VXLAN module on a specified board.
<HUAWEI> reset fwm vxlan bridge-domain statistics slot 1

reset vxlan statistics

Function

The reset vxlan statistics command clears VXLAN packet statistics.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

reset vxlan statistics source source-ip peer peer-ip vni vni-id

reset vxlan statistics vni vni-id

reset vxlan statistics source source-ip peer peer-ip

Parameters

Parameter Description Value
peer peer-ip

Clears VXLAN packet statistics collected based on the IP address of the peer virtualized edge node.

The value is in dotted decimal notation.
vni

Clears VXLAN packets statistics collected based on a specified VNI ID.

The value is an integer ranging from 1 to 16777215.
vni-id

Specifies the value of VNI ID.

The value is an integer ranging from 1 to 16777215.
source source-ip

Clears VXLAN packets statistics collected based on the source IP address.

The value is in dotted decimal notation.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In cloud VPN scenarios, cloud GWs support VXLAN packet statistics collection. To clear VXLAN packet statistics, run the reset vxlan statistics command.

Precautions

After the reset vxlan statistics command is run, VXLAN packet statistics on a device are cleared and cannot be restored. Exercise caution when you run this command.

Example

# Clear VXLAN packet statistics collected based on the VNI with the ID of 1.
<HUAWEI> reset vxlan statistics vni 1
# Clear VXLAN packet statistics collected based on the source IP address 1.1.1.1, VNI with the ID of 1, and the IP address of the peer virtualized edge node as 1.1.1.2.
<HUAWEI> reset vxlan statistics source 1.1.1.1 peer 1.1.1.2 vni 1
# Clear downstream VXLAN packet statistics collected based on the source IP address 10.1.1.1, remote VTEP IP address 10.2.2.2.
<HUAWEI> reset vxlan statistics source 10.1.1.1 peer 10.2.2.2

rewrite (Layer 2 sub-interface view)

Function

The rewrite pop single command enables a Layer 2 sub-interface with the encapsulation type being dot1q to remove a single VLAN tag from received packets.

The rewrite pop double command enables a Layer 2 sub-interface with the encapsulation type being QinQ to remove double VLAN tags from received packets.

The undo rewrite command restores the default encapsulation type.

By default, a Layer 2 sub-interface with the encapsulation type being QinQ removes double VLAN tags from received packets, and a Layer 2 sub-interface with the encapsulation type being Dot1q removes one VLAN tag from received packets.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

rewrite pop { single | double }

rewrite pop double

undo rewrite [ pop { single | double } ]

Parameters

Parameter Description Value
single

Enables an EVC Layer 2 sub-interface to remove the outer VLAN tag from received packets.

-
double

Enables an EVC Layer 2 sub-interface to remove double tags from packets after receiving them.

-
pop

Remove one or more specified VLAN tags.

-

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a Layer 2 sub-interface with the encapsulation type being QinQ is configured as a VXLAN service access point on a VXLAN, to enable the sub-interface to remove double VLAN tags from received packets, run the rewrite pop double command.

If a Layer 2 sub-interface with the encapsulation type being Dot1q is configured as a VXLAN service access point on a VXLAN, to enable the sub-interface to remove single VLAN tags from received packets, run the rewrite pop single command.

Prerequisites

The following conditions have been met:

The Layer 2 sub-interface is not added to a bridge domain

Configuration Impact

After the rewrite pop single | double command is run successfully, the VLAN tag operation on packets is as as follows:

  • For incoming packets, the tags are removed and forwarded at Layer 2.
  • For outgoing packets, the corresponding VLAN information is added to the packets before they are forwarded.

Precautions

Only one traffic behavior can be configured on each EVC Layer 2 sub-interface. If a traffic behavior has been configured on an EVC Layer 2 sub-interface and you want to change it, perform the following operations on the EVC Layer 2 sub-interface:

  • Run the undo rewrite command to delete the original traffic behavior.
  • Run the undo bridge-domain command to exit the BD.

If a VLAN range is specified in this command, broadcast, unknown unicast, and multicast (BUM) traffic is replicated in all VLANs in that VLAN range. Excessive traffic replication will overburden the board, potentially interrupting services. To ensure that the board is not overburdened by many redundant VLANs, you are advised to plan VLANs appropriately during service deployment.

Example

# Enable 10GE 1/0/1.1 to remove double tags from received packets.
<HUAWEI> system-view
[HUAWEI] interface 10GE 1/0/1.1 mode l2
[HUAWEI-10GE1/0/1.1] rewrite pop double

rewrite no-action

Function

The rewrite no-action command configures a dot1q Layer 2 sub-interface to transparently transmit received packets, instead of removing VLAN tags from the packets.

The undo rewrite no-action command restores the default configuration.

By default, a dot1q Layer 2 sub-interface removes VLAN tags from received packets, instead of transparently transmitting them.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

rewrite no-action

undo rewrite no-action

Parameters

None

Views

100GE Layer 2 sub-interface view,10GE Layer 2 sub-interface view,25GE Layer 2 sub-interface view,40GE Layer 2 sub-interface view,Eth-Trunk Layer 2 sub-interface view,GE Layer 2 sub-interface view,Layer 2 sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a service access point is configured in the EVC model, if a Layer 2 sub-interface is selected and the encapsulation mode of the Layer 2 sub-interface is Dot1q, the sub-interface removes VLAN tags from received packets by default. To enable a Layer 2 sub-interface to transparently transmit single-tagged data packets, run the rewrite no-action command.

Prerequisites

  • The dot1q Layer 2 sub-interface has not been added to a BD.
  • A VLAN ID or VLAN ID range of packets that the dot1q Layer 2 sub-interface permits has been configured using the encapsulation dot1q vid command.

Precautions

This command applies only to dot1q Layer 2 sub-interfaces.

If a dot1q Layer 2 sub-interface is bound to a BD after the rewrite no-action command is run for the sub-interface, the BD does not support VBDIF interfaces and ARP broadcast packet suppression.

Example

# Configure the Layer 2 sub-interface 10GE 1/0/1.1 to transparently transmit received packets.
<HUAWEI> system-view
[HUAWEI] interface 10GE 1/0/1.1 mode l2
[HUAWEI-10GE1/0/1.1] encapsulation dot1q vid 2
[HUAWEI-10GE1/0/1.1] rewrite no-action

route-distinguisher (EVPN instance view)

Function

The route-distinguisher command configures a route distinguisher (RD) for a BD EVPN instance.

The undo route-distinguisher command deletes the RD of a BD EVPN instance.

By default, no RD is configured for BD EVPN instances.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

route-distinguisher route-distinguisher

route-distinguisher auto

undo route-distinguisher route-distinguisher

undo route-distinguisher auto

Parameters

Parameter Description Value
route-distinguisher

Specifies an RD to be configured for a BD EVPN instance.

The format of an RD can be as follows:

  • 2-byte AS number:4-byte user-defined number, for example, 1:3. An AS number is an integer ranging from 0 to 65535, and a user-defined number is an integer ranging from 0 to 4294967295. The AS and user-defined numbers cannot be both 0s. This means that an RD cannot be 0:0.
  • Integral 4-byte AS number:2-byte user-defined number, for example, 65537:3. An AS number is an integer ranging from 65536 to 4294967295, and a user-defined number is an integer ranging from 0 to 65535.
  • 4-byte AS number in dotted notation:2-byte user-defined number, for example, 0.0:3 or 0.1:0. A 4-byte AS number in dotted notation is in the format of x.y, where x and y are integers ranging from 0 to 65535. A user-defined number is an integer ranging from 0 to 65535. The AS and user-defined numbers cannot be both 0s. This means that an RD cannot be 0.0:0.
  • 32-bit IP address:2-byte user-defined number. For example, 192.168.122.15:1. An IP address ranges from 0.0.0.0 to 255.255.255.255, and a user-defined number is an integer ranging from 0 to 65535.
auto

Specifies the RD that is automatically generated.

-

Views

EVPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating an EVPN instance in a BD view, run the route-distinguisher command to configure an RD for the BD EVPN instance.

Different EVPN instances may have the same route prefix. To allow a peer PE to determine to which EVPN instance a received route belongs, run the route-distinguisher command to configure an RD for the EVPN instance on the local PE. The local PE then adds the RD to the route prefix to be sent to the peer PE, and the route prefix becomes a globally unique EVPN route.

Prerequisites

An EVPN instance has been created using the evpn command in the BD view.

Precautions

Running the undo route-distinguisher command in the BD-EVPN instance view causes EVPN-related configurations to be deleted.

Example

# Configure an RD 22:1 for EVPN instance in BD 11.
<HUAWEI> system-view
[HUAWEI] bridge-domain 11
[HUAWEI-bd11] evpn
[HUAWEI-bd11-evpn] route-distinguisher 22:1

set bridge-domain resource super-mode

Function

The set bridge-domain resource super-mode command sets the super bridge-domain resource mode.

The undo set bridge-domain resource super-mode command restores the default bridge-domain resource mode.

By default, the bridge-domain resource mode is default mode, not super mode. In default mode, the device supports 4096 BDs.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

set bridge-domain resource super-mode

undo set bridge-domain resource super-mode

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device supports 4096 BDs by default. If you want more than 4096 BDs, run the set bridge-domain resource super-mode command to set the super bridge-domain resource mode. After this command is configured, the device supports 16000 BDs.

Example

# Set the super bridge-domain resource mode.
<HUAWEI> system-view
[HUAWEI] set bridge-domain resource super-mode

source (NVE interface view)

Function

The source command configures an IP address for a source VXLAN tunnel endpoint (VTEP).

The undo source command deletes the IP address of a source VTEP.

By default, no IP address is configured for any source VTEP.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

source ip-address

undo source [ ip-address ]

Parameters

Parameter Description Value
ip-address

Specifies an IP address for a source VTEP.

The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A VTEP is a VXLAN tunnel endpoint that encapsulates or decapsulates VXLAN packets. It is represented by a network virtualization edge (NVE).

To configure an IP address for a source VTEP, run the source command. In VXLAN packets, the source IP address is the source VTEP's IP address, and the destination IP address is a remote VTEP's IP address. This pair of VTEP addresses corresponds to a VXLAN tunnel.

Precautions

You can specify a physical interface address or loopback interface address as the source VTEP IP address. Using the loopback interface address as the source VTEP IP address is recommended.

Generally, NVE interfaces on different devices need to be configured with different VTEP addresses. Otherwise, traffic may be forwarded incorrectly. In specific scenarios (for example, M-LAG dual-homing access scenario), if multiple devices are required to function as the same NVE, configure the same VTEP address for the NVE interfaces of these devices.

Example

# Configure the IP address 1.1.1.1 for a source VTEP.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] source 1.1.1.1

statistic enable (Bridge domain view)

Function

The statistic enable command enables traffic statistics collection in a BD.

The undo statistic enable command disables traffic statistics collection in a BD.

By default, traffic statistics collection is disabled in BDs.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

statistics enable

undo statistics enable

Parameters

None

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To check statistics about packets sent and received in a BD for fault locating, run this command in the BD view to enable traffic statistics collection. Otherwise, you cannot view traffic statistics in the BD.

Follow-up Procedure

After running the statistic enable command, run the display bridge-domain statistics command to view traffic statistics in the BD. The command output helps you diagnose faults.

Example

# Enable traffic statistics collection for BD 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] statistics enable

statistic enable (VNI view)

Function

The statistic enable command enables VXLAN traffic statistics collection.

The undo statistic enable command disables VXLAN traffic statistics collection.

By default, VXLAN traffic statistics collection is disabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

statistic enable

undo statistic enable

Parameters

None

Views

VNI view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

By default, VXLAN packet statistics collection is disabled. To view VXLAN packet statistics of a specified VNI for fault locating, run this command in the VNI view to enable VXLAN packet statistics collection. Otherwise, you cannot view VXLAN packet statistics of the VNI.

Configuration Impact

If a large number of VXLAN packets exist, the device counts all these packets and subsequently stores large amounts of statistics, causing device operation performance to deteriorate. If VXLAN traffic statistics collection is not needed, run the undo statistic enable command to disable the function.

Follow-up Procedure

After running the statistics enable command, you can run the display vxlan statistics vni <vni-id> command to view VNI-specific statistics. The statistics can be used for fault diagnosis.

Example

# Enable VXLAN traffic statistics collection.
<HUAWEI> system-view
[HUAWEI] vni 10
[HUAWEI-vni10] statistic enable

vni (NVE interface view)

Function

The vni command configures a VXLAN network identifier (VNI) for an NVE interface.

The undo vni command deletes the VNI for an NVE interface, and deletes all configurations for the same VNI on the current NVE interface.

The vni head-end peer-list command configures an ingress replication list that contains the IP addresses of those remote VTEPs for a VXLAN network identifier (VNI).

The undo vni head-end peer-list command deletes the ingress replication list of a VNI.

By default, no VNI is configured for an NVE interface, no ingress replication list is configured for any VNI.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vni vni-id [ head-end peer-list { ip-address } &<1-10> ]

undo vni vni-id [ head-end peer-list { ip-address } &<1-10> ]

Parameters

Parameter Description Value
vni-id

Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.
ip-address

Specifies the IP address of a remote VXLAN tunnel endpoint (VTEP).

The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

VNIs are similar to VLAN IDs. VXLAN uses VNIs to differentiate VXLAN segments and identify tenants. A VNI identifies only one tenant. Even if multiple terminal users belong to the same VNI, they are considered one tenant. Run this command to configure a VNI for an NVE interface.

After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets.

If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN segment, run the vni head-end peer-list command to configure an ingress replication list that contains the IP addresses of those remote VTEPs. After the source NVE receives BUM packets, the local VTEP sends a copy of the BUM packets to every VTEP in the list.

Configuration Impact

Ingress replication allows BUM packets to be transmitted in broadcast mode, independent of multicast routing protocols.

Precautions

Even if a source VTEP connects only to one remote VTEP, you still need to run the vni head-end peer-list command to configure an ingress replication list with the remote VTEP's IP address specified.

If other configurations are performed for the same VNI on the current NVE interface, the command configuration will be overwritten.

Example

# Configure an ingress replication list for VNI 5010, with the remote VTEPs' IP addresses being 2.2.2.2 and 3.3.3.3.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] vni 5010 head-end peer-list 2.2.2.2 3.3.3.3
# Configures a VNI for an NVE interface.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] vni 10

vni (System view)

Function

The vni command creates a VXLAN network identifier (VNI) and displays the VNI view. If a VNI has been created, the VNI view is directly displayed.

The undo vni command deletes a configured VNI.

By default, no VNI is created.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vni vni-id

undo vni vni-id

Parameters

Parameter Description Value
vni-id

Specifies a VNI ID.

The value is an integer ranging from 1 to 16777215.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

VNIs, similar to VLAN IDs, are used to differentiate VXLAN segments and identify tenants. A VNI identifies only one tenant. If multiple terminal users share the same VNI, they are considered one tenant. To create a global VNI and enter the VNI view, run the vni command. Then, global VNI configurations can be performed in the view.

Follow-up Procedure

Run the peer ip-address command in the VNI view to create and display the VNI peer view.

Example

# Create a VNI with the VNI ID of 4096.
<HUAWEI> system-view
[HUAWEI] vni 4096

vni head-end peer-list protocol bgp

Function

The vni head-end peer-list protocol bgp command configures a dynamic ingress replication list generated by the BGP protocol that contains the IP addresses of those remote VTEPs for a VXLAN network identifier (VNI).

The undo vni head-end peer-list protocol bgp command cancels the configuration.

By default, no ingress replication list is configured for any VNI.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vni vni-id head-end peer-list protocol bgp

undo vni vni-id head-end peer-list protocol bgp

Parameters

Parameter Description Value
vni-id

Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets.

If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN segment, run the vni head-end peer-list command to configure an ingress replication list that contains the IP addresses of those remote VTEPs. After the source NVE receives BUM packets, the local VTEP sends a copy of the BUM packets to every VTEP in the list. To use BGP to dynamically establish Layer 2 VXLAN tunnels, run the vni head-end peer-list protocol bgp command.

Configuration Impact

Ingress replication allows BUM packets to be transmitted in broadcast mode, independent of multicast routing protocols.

Precautions

If other configurations are performed for the same VNI on the current NVE interface, the command configuration will be overwritten.

Example

# Configure a dynamic ingress replication list generated by BGP that contains the IP addresses of those remote VTEPs for a VNI.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] vni 5010 head-end peer-list protocol bgp

vni mcast-group

Function

The vni mcast-group command enables the multicast replication mode for forwarding BUM packets and sets the multicast replication address of a specific VNI.

The undo vni mcast-group command restores the default setting.

By default, BUM packets are forwarded in ingress replication mode, and no multicast replication address is set.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vni vni-id mcast-group ip-address

undo vni vni-id mcast-group ip-address

Parameters

Parameter Description Value
vni-id

Specifies a VNI.

The value is an integer ranging from 1 to 16000000.
ip-address

Specifies a multicast replication address.

The value is a multicast IP address in dotted decimal notation and ranges from 224.0.1.0 to 239.255.255.255.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Using the ingress replication mode to forward a large number of Broadcast&Unknown-unicast&Multicast (BUM) packets on a VXLAN network increases the network load and consumes lots of network bandwidth resources. To resolve the issue, run the vni mcast-group command on each VTEP to configure the multicast replication mode. In multicast replication mode, all VTEPs with the same VNI join the same multicast group. A multicast routing protocol, such as PIM, is used to create a multicast forwarding entry for the multicast group. When a VTEP receives a BUM packet from a local VM, it adds a multicast destination IP address to the BUM packet before sends the packet to the remote VTEPs based on the created multicast forwarding entry.

After you run the vni mcast-group command, mappings between VNIs and multicast groups are established. After receiving a VXLAN multicast packet, the VTEP checks the UNI in the packet. If no matching mapping between the VNI and multicast group is found, the VTEP will discard the packet.

Precautions

  • This command is mutually exclusive with the vni flood-vtep command. In other words, multicast replication and centralized replication of BUM packets cannot be configured together.
  • After configuring multicast replication, you can still run the vni head-end peer-list command to generate a remote VTEP address list for VXLAN tunnel establishment. However, multicast replication, instead of ingress replication, is used for BUM packets.
  • One VNI can be configured with only one multicast replication address, and multiple VNIs can share one multicast replication address. That is, one VNI can correspond to only one multicast group, but one multicast group can correspond to multiple VNIs.
  • This command cannot be used if BIDIR-PIM or PIM-DM has been enabled.
  • If a VXLAN VNI has been configured in the BD view and IGMP snooping has been enabled in the BD view, multicast replication of BUM packets for the VNI cannot be enabled on an NVE interface.
  • If a VXLAN VNI has been configured in the BD view and IGMP has been enabled (using the igmp enable command) in the VBDIF view of the BD, multicast replication of BUM packets for the VNI cannot be enabled on an NVE interface.
  • The multicast replication address of a VNI specified on an NVE interface cannot be the same as the share-group address (multicast-domain share-group).
  • A multicast group address in the switch-MDT switch-address pool (multicast-domain switch-group-pool) cannot be used as a multicast replication address for a specified VNI on an NVE's interface.

Example

# Configure multicast replication address 224.1.1.1 for VNI 10.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] vni 10 mcast-group 224.1.1.1

vxlan anycast-gateway enable

Function

The vxlan anycast-gateway enable command enables distributed gateway.

The undo vxlan anycast-gateway enable command disables distributed gateway.

By default, distributed gateway is disabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vxlan anycast-gateway enable

undo vxlan anycast-gateway enable

Parameters

None

Views

VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To enable distributed gateway on a VBDIF interface and allow the gateway to learn only user-side ARP, ND, or DHCP packets, run the

vxlan anycast-gateway enable command. After distributed gateway is enabled, the gateway:

  • Processes only received user-side ARP, ND, or DHCP packets and generates host routes accordingly.
  • Deletes network-side ARP, ND, or DHCP entries already learned and deletes the corresponding host routes.

Configuration Impact

After distributed gateway is enabled:

  • VXLAN tunnel-side static ARP, ND, or DHCP entries cannot be configured on the gateway.
  • If distributed gateways have the same IP address, they do not report ARP, ND, or DHCP conflicts.
  • If ARP proxy is not enabled but the network-side devices and user-side hosts have the same IP address, the gateways do not report IP address conflict alarms.

Example

# Enable distributed gateway on VBDIF 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] quit
[HUAWEI] interface vbdif 10
[HUAWEI-Vbdif10] vxlan anycast-gateway enable

vxlan statistics enable

Function

The vxlan statistics enable command enables the function of collecting VXLAN packet statistics based on the VNI and VXLAN tunnel.

The undo vxlan statistics enable command disables the function of collecting VXLAN packet statistics based on the VNI and VXLAN tunnel.

By default, the function of collecting VXLAN packet statistics based on the VNI and VXLAN tunnel is disabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vxlan statistics peer peer-ip vni vni-id enable

vxlan statistics peer peer-ip enable

undo vxlan statistics peer peer-ip vni vni-id enable

undo vxlan statistics peer peer-ip enable

Parameters

Parameter Description Value
vni vni-id

Enables VXLAN packets statistics collection based on a specified VNI ID.

The value is an integer ranging from 1 to 4294967295.
peer peer-ip

Enables VXLAN packet statistics collection based on the IP address of the peer VTEP.

The value is in dotted decimal notation.

Views

NVE interface view

Default Level

2: Configuration level

Usage Guidelines

By default, VXLAN traffic statistics collection is disabled. To enable the VXLAN traffic statistics collection function based on a VNI ID and VXLAN tunnel, run the vxlan statistics enable command. If the function of collecting VXLAN packet statistics is disabled, you cannot obtain the statistics.

Example

# Enable the VXLAN packet statistics collection function based on the VNI with the ID of 1 and the IP address of the peer VTEP as 1.1.1.2.
<HUAWEI> system-view
[HUAWEI] interface nve 1
[HUAWEI-Nve1] source 1.1.1.1
[HUAWEI-Nve1] vni 1 head-end peer-list 1.1.1.2
[HUAWEI-Nve1] vxlan statistics peer 1.1.1.2 vni 1 enable

vxlan tunnel-status track exact-route

Function

The vxlan tunnel-status track exact-route command enables subscription to the status of the exact route to a VXLAN tunnel destination.

The undo vxlan tunnel-status track exact-route command disables subscription to the status of the exact route to a VXLAN tunnel destination.

By default, subscription to the status of the exact route to a VXLAN tunnel destination is disabled.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vxlan tunnel-status track exact-route

undo vxlan tunnel-status track exact-route

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, if the exact route to the source IP address of a VXLAN tunnel is reachable and the route to the network segment where the destination IP address resides is reachable, the VXLAN tunnel is considered Up. In actual networking, however, there may be multiple destination addresses on the same network segment. If one destination address is reachable, the network segment is reachable. If an IP address on the network segment is unreachable, the tunnel status is incorrectly reported and network problems cannot be detected in a timely manner. In this case, you can run the vxlan tunnel-status track exact-route command to enable subscription to the status of the exact route to the VXLAN tunnel destination. In this case, the VXLAN tunnel is Up only when the 32-bit or 128-bit host IP address of the destination VTEP is reachable. Otherwise, the VXLAN tunnel is Down.

You can run the display vxlan tunnel command to view the VXLAN tunnel status.

Example

# Enable subscription to the status of the exact route to a VXLAN tunnel destination.
<HUAWEI> system-view
[HUAWEI] vxlan tunnel-status track exact-route

vxlan vni

Function

The vxlan vni command creates a VXLAN network identifier (VNI) and binds it to a BD.

The undo vxlan vni command unbinds a VNI from a BD.

By default, no VNI is created.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vxlan vni vni-id

undo vxlan vni vni-id

Parameters

Parameter Description Value
vni-id

Specifies the VNI ID.

The value is an integer ranging from 1 to 16777215.

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A virtual network (VN) on a VXLAN is a virtual broadcast domain. To allow a BD to function as a VXLAN network entity to transmit VXLAN traffic, run the vxlan vni command to map a VNI to a BD.

Precautions

  • The VNI bound to a VPN instance cannot be bound to a BD.

Example

# Associate VNI 5000 with BD 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] vxlan vni 5000

vxlan vni (Bridge domain view)

Function

The vxlan vni command creates a VXLAN network identifier (VNI) and maps a VNI to a bridge domain (BD) in 1:1 mode.

The undo vxlan vni command deletes the mapping between a VNI and a BD.

The vxlan vni split-group command configures a mapping VNI to be associated with a BD and specifies the split horizon group (SHG) to which the mapping VNI belongs.

The undo vxlan vni split-group command restores the default configuration.

By default, no VNI is created and no mapping VNI is associated with a BD.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vxlan vni vni-id [ split-group split-group-name ]

undo vxlan vni vni-id [ split-group split-group-name ]

Parameters

Parameter Description Value
vni-id

Specifies the VNI ID.

The value is an integer ranging from 1 to 16777215.
split-group split-group-name

Specifies the ID of the mapping VNI associated with the current BD.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. The string can contain spaces if it is enclosed with double quotation marks (").

Views

Bridge domain view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A virtual network (VN) on a VXLAN is a virtual broadcast domain. To allow a BD to function as a VXLAN network entity to transmit VXLAN traffic, run the vxlan vni command to map a VNI to a BD in 1:1 mode.

To implement Layer 2 communication between hosts in different DCs in a scenario where segment VXLAN is used, run the vxlan vni split-group command on transit leaf nodes (edge devices interconnecting the DCs) to configure a mapping VNI to be associated with the BD. The mapping VNI is used for the VXLAN tunnel between the DCs. After this configuration is complete, a transit leaf node replaces the VNI in VXLAN packets received within the DC with the mapping VNI. This configuration decouples the VNI space for a DC's network from the VNI space for the network between DCs and isolates faults.

Additionally, to prevent loops when a transit leaf node forwards BUM traffic, the split horizon group to which the mapping VNI belongs must be specified, so that devices within a DC belong to the default SHG, and transit leaf nodes between DCs belong to the specified SHG. In this manner, when a transit leaf node receives BUM traffic, it does not forward traffic to a device belonging to the same SHG, therefore preventing loops.

Precautions

This command is mutually exclusive with the port vlan exclude command.

The VNI bound to a VPN instance cannot be bound to a BD.

For the same mapping VNI, the split-group parameter in the vxlan vni split-group command must reference the value configured using the vni head-end peer-list split-group or peer split-group command.

Example

# Configure a mapping VNI to be associated with BD 10 and specify the SHG to which the mapping VNI belongs.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] vxlan vni 30 split-group p
# Associate VNI 5000 with BD 10.
<HUAWEI> system-view
[HUAWEI] bridge-domain 10
[HUAWEI-bd10] vxlan vni 5000

vxlan vni (VPN instance view)

Function

The vxlan vni command binds a VXLAN network identifier (VNI) to a virtual private network (VPN) instance.

The undo vxlan vni command unbinds a VNI from a VPN instance.

By default, a VNI is not bound to any VPN instance.

This command is supported only on the S6730-H-V2 and S5732-H-V2.

Format

vxlan vni vni-id

undo vxlan vni vni-id

Parameters

Parameter Description Value
vni-id

Specifies a VNI ID.

The value is an integer ranging from 1 to 16000000.

Views

VPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To isolate tenants at Layer 3, VPN is generally used. In a distributed VXLAN gateway scenario, to implement Layer 3 communication through a Layer 3 gateway, the Layer 3 gateway must be bound to a VPN instance.

The Layer 3 gateway assigns a Layer 2 VNI to each tenants and a Layer 3 VNI to each tenant identified by a VPN instance. To bind a VNI to a VPN instance, run the vxlan vni command. During Layer 3 communication through the Layer 3 gateway, the VNI ID bound to the VPN instance is transmitted to the remote Layer 3 gateway through the VXLAN tunnel. The remote Layer 3 gateway identifies VPNs based on tenants' VNI IDs to determine whether tenants belong to the same VPN for communication or isolation purposes.

Precautions

A VNI can be bound only to one VPN instance.

The VNI bound to a VPN instance cannot be bound to a BD.

Example

# Bind VNI 5000 to a VPN instance named huawei.
<HUAWEI> system-view
[HUAWEI] ip vpn-instance huawei
[HUAWEI-vpn-instance-huawei] vxlan vni 5000
Translation
Favorite
Download
Update Date:2024-12-20
Document ID:EDOC1100305019
Views:77254
Downloads:517
Average rating:0.0Points

Related Documents

Digital Signature File

digtal sigature tool