Upload
hoangnguyet
View
306
Download
12
Embed Size (px)
Citation preview
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd. i
Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: [email protected]
HUAWEI NetEngine Router
Configuration Guide - VxLAN About This Document
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
ii
About This Document
Intended Audience
This document describes the IP Routing features in terms of its overview, principle, and
applications.
This document together with other types of document helps intended readers get a deep
understanding of the Security features.
This document is intended for:
Network planning engineers
Commissioning engineers
Data configuration engineers
System maintenance engineers
Related Versions (Optional)
The following table lists the product versions related to this document.
Product Name Version
HUAWEI NetEngine Router V800R008C10
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
HUAWEI NetEngine Router
Configuration Guide - VxLAN About This Document
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iii
Symbol Description
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save
time.
Provides additional information to emphasize or supplement
important points of the main text.
HUAWEI NetEngine Router
Configuration Guide - VxLAN Contents
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iv
Contents
About This Document .................................................................................................................... ii
1 Configuration Command............................................................................................................. 1
1.1 bridge-domain (System view) .......................................................................................................................... 1
1.2 description (BD view) ...................................................................................................................................... 2
1.3 display bridge-domain ...................................................................................................................................... 3
1.4 display bridge-domain statistics ....................................................................................................................... 8
1.5 display interface nve....................................................................................................................................... 10
1.6 display mac-address bridge-domain ............................................................................................................... 11
1.7 display mac-address total-number .................................................................................................................. 14
1.8 display vxlan tunnel ....................................................................................................................................... 15
1.9 display vxlan vni ............................................................................................................................................ 16
1.10 encapsulation (Layer 2 sub-interface view) ................................................................................................. 19
1.11 interface mode l2 .......................................................................................................................................... 21
1.12 interface nve ................................................................................................................................................. 22
1.13 interface vbdif .............................................................................................................................................. 23
1.14 mac-address (BDIF interface view) ............................................................................................................. 24
1.15 reset bridge-domain statistics ....................................................................................................................... 26
1.16 reset mac-address bridge-domain ................................................................................................................. 27
1.17 source (NVE interface view) ........................................................................................................................ 28
1.18 statistics enable (BD view) ........................................................................................................................... 29
1.19 vni head-end peer-list ................................................................................................................................... 30
1.20 vxlan vni ....................................................................................................................................................... 32
2 VxLAN Configuration ................................................................................................................ 33
2.1 VXLAN Overview ......................................................................................................................................... 33
2.2 Configuring VXLAN (in Single-Node Mode) ............................................................................................ 35
2.2.1 Configuring Communication Within a Network Segment Through a VXLAN Tunnel ............... 35
2.2.1.1 Configuring Service Access Points to Differentiate Service Traffic ............................................ 36
2.2.1.2 Configuring a VXLAN Tunnel to Forward Service Traffic ......................................................... 38
2.2.1.3 Checking the Configurations ....................................................................................................... 39
2.3 Maintaining VXLAN ..................................................................................................................................... 40
2.3.1 Clearing VXLAN Packet Statistics ....................................................................................................... 40
HUAWEI NetEngine Router
Configuration Guide - VxLAN Contents
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
v
2.3.2 Monitoring the VXLAN Operating Status ............................................................................................ 40
2.3.3 Configuring the VXLAN Alarm Report Function................................................................................. 41
2.4 Configuration Example ............................................................................................................................... 41
2.4.1 Example for Configuring Users on the Same Network Segment to Communicate Through a VXLAN
Tunnel(In Single-Node Mode) ....................................................................................................................... 41
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1
1 Configuration Command
1.1 bridge-domain (System view)
Function
The bridge-domain command creates a bridge domain (BD) and displays the BD view, or
directly displays the BD view if the BD exists.
The undo bridge-domain command deletes a BD.
By default, no BD is created.
Format
bridge-domain bd-id
undo bridge-domain bd-id
Parameters
Parameter Description Value
bd-id Specifies a
BD ID.
The value is an
integer ranging from 1
to 32768.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
A virtual network (VN) on a VXLAN is a virtual broadcast domain. VXLAN network
identifiers (VNIs) identifying VNs must be mapped to BDs in 1:1 mode so that a BD can
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2
function as a VXLAN network entity to transmit VXLAN traffic. To create a BD, run the
bridge-domain command.
Follow-up Procedure
Run the interface vbdif fp-id:bd-id command to create a Layer 3 BDIF interface for a BD.
A BD functions similar to a VLAN as a broadcast domain. A BDIF interface, also similar to
a VLANIF interface, can be used for Layer 2 termination and Layer 3 access.
Example
# Create a BD with the ID of 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
1.2 description (BD view)
Function
The description command configures a description for a bridge domain (BD).
The undo description command deletes the description of a BD.
By default, no description is configured for any BD.
Format
description description
undo description
Parameters
Parameter Description Value
description Specifies a
description.
The value is a string of
1 to 80 case-sensitive
characters, spaces
supported.
Views
BD view
Default Level
2: Configuration level
Usage Guidelines
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3
If the bridge-domain bd-id command has been run several times to configure multiple
BDs, run the description command to configure a description for each BD. The
description helps rapidly understand the BD's function, which facilitates service
management.
Example
# Configure the description VXLAN for the BD with the ID of 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] description VXLAN
1.3 display bridge-domain
Function
The display bridge-domain command displays BD configurations.
Format
display bridge-domain [ bd-id [ brief | verbose ] ]
Parameters
Parameter Description Value
bd-id Specifies a BD ID. The value is an
integer ranging
from 1 to 32768.
brief Displays brief BD
configurations.
-
verbose Displays detailed
BD configurations.
-
Views
All views
Default Level
1: Monitoring level
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4
Usage Guidelines
After creating BDs, run the display bridge-domain command to check BD configurations.
The command output helps verify configurations and locate faults.
Example
# Display configurations of all BDs.
<HUAWEI> display bridge-domain
The total number of bridge-domains is : 2
------------------------------------------------------------------
--------------
MAC_LRN: MAC learning; STAT: Statistics; SPLIT:
Split-horizon;
BC: Broadcast; MC: Unknown multicast; UC: Unknown
unicast;
*down: Administratively down; FWD: Forward; DSD: Discard;
------------------------------------------------------------------
--------------
BDID State MAC-LRN STAT BC MC UC SPLIT Description
------------------------------------------------------------------
--------------
10 up enable disable FWD FWD FWD disable vni 5010
20 up enable disable FWD FWD FWD disable vni 5020
# Display the configurations of bridge domain 10.
<HUAWEI> display bridge-domain 10
------------------------------------------------------------------
--------------
MAC_LRN: MAC learning; STAT: Statistics; SPLIT:
Split-horizon;
BC: Broadcast; MC: Unknown multicast; UC: Unknown
unicast;
*down: Administratively down; FWD: Forward; DSD: Discard;
U: Up; D: Down;
------------------------------------------------------------------
--------------
BDID Ports
------------------------------------------------------------------
--------------
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5
10
BDID State MAC-LRN STAT BC MC UC SPLIT Description
------------------------------------------------------------------
--------------
10 down enable disable FWD FWD FWD disable
BDID VLANIDs
------------------------------------------------------------------
--------------
10 1(D)
# Display detailed configurations of bridge domain 10.
<HUAWEI> display bridge-domain 10 verbose
Bridge-domain ID : 10
Description : vni 5010
State : Up
MAC Learning : Enable
Statistics : Disable
Broadcast : Forward
Unknown-unicast : Forward
Unknown-multicast : Forward
Split-horizon : Disable
----------------
Interface State
Eth-Trunk0.9040 up
Eth-Trunk100.3 up
Item Description
The total number
of bridge-domains
is
Total number of BDs configured.
BDID BD ID.
A BD ID can be configured using the
bridge-domain bd-id command in the system
view.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6
Item Description
State BD status:
up
down
MAC-LRN Whether MAC address learning is enabled for a
BD:
disable
enable
STAT Whether traffic statistics collection is enabled for
a BD:
disable
enable
Traffic statistics collection can be enabled using
the statistics enable command in the BD view.
BC Whether broadcast packets are forwarded in a
BD:
FWD: Broadcast packets are forwarded.
DSD: Broadcast packets are discarded.
MC Whether multicast packets are forwarded in a BD:
FWD: Multicast packets are forwarded.
DSD: Multicast packets are discarded.
UC Whether unknown unicast packets are forwarded
in a BD:
FWD: Unknown unicast packets are forwarded.
DSD: Unknown unicast packets are discarded.
SPLIT Whether split horizon is enabled for a BD:
disable
enable
Description Description of a BD.
A description can be configured for a BD using
the description (BD view) command.
VLANIDs ID of the VLAN bound to a BD.
Table Description of the display bridge-domain verbose command output
Item Description
Bridge-domain ID BD ID.
A BD ID can be configured using the
bridge-domain bd-id command in the system
view.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7
Item Description
Description Description of a BD.
A description can be configured for a BD using
the description (BD view) command.
State BD status:
Up
Down
MAC Learning Whether MAC address learning is enabled for a
BD:
Disable
Enable
Statistics Whether traffic statistics collection is enabled for
a BD:
Disable
Enable
Traffic statistics collection can be enabled using
the statistics enable command in the BD view.
Broadcast Whether broadcast packets are forwarded in a
BD:
Forward: Broadcast packets are forwarded.
Discard: Broadcast packets are discarded.
Unknown-unicast Whether unknown unicast packets are forwarded
in a BD:
Forward: Unknown unicast packets are forwarded.
Discard: Unknown unicast packets are discarded.
Unknown-multicast Whether multicast packets are forwarded in a BD:
Forward: Multicast packets are forwarded.
Discard: Multicast packets are discarded.
Split-horizon Whether split horizon is enabled for a BD:
Disable
Enable
Interface State Status of each Layer 2 sub-interface added to a
bridge domain.
up: The data link layer protocol of the Layer 2 sub-interface starts properly.
down: The data link layer protocol of the Layer 2 sub-interface starts is abnormal.
In VXLAN dual-active access networking, after an
interface is configured as a peer-link interface,
the device automatically creates a QinQ
sub-interface for each VNI on the interface. The
QinQ sub-interface is used to add the two
M-LAG-enabled devices to the corresponding BD
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8
Item Description
of the VNI. Users cannot perform operations on
the QinQ sub-interface.
1.4 display bridge-domain statistics
Function
The display bridge-domain statistics command displays traffic statistics of a bridge
domain (BD).
Format
display bridge-domain bd-id statistics
Parameters
Parameter Description Value
bd-id Specifies a
BD ID.
The value is an
integer ranging from 1
to 32768.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
To check traffic statistics of a BD when monitoring it, run the display bridge-domain
statistics command. The command output helps locate faults.
Prerequisites
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9
To ensure that the display bridge-domain statistics command displays valid statistics
entries, you must have performed the following operations before running the display
bridge-domain statistics command:
1. A BD has been created using the bridge-domain bd-id command in the system view.
2. Traffic statistics collection has been enabled for the BD using the statistics enable command in the BD view.
Example
# Display traffic statistics of BD10.
<HUAWEI> display bridge-domain 10 statistics
Slot: 1/3
------------------------------------------------------------------
--------
Item Packets Bytes
------------------------------------------------------------------
--------
Inbound 0 0
Outbound 0 0
------------------------------------------------------------------
--------
Table Description of the display bridge-domain statistics command output
Item Description
Slot Slot number.
Item Statistics items to be displayed.
Packets Number of packets.
Bytes Number of bytes.
Inbound Number of packets received in the BD.
Outbound Number of packets sent from the BD
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10
1.5 display interface nve
Function
The display interface nve command displays information about network virtualization
edge (NVE) interfaces.
Format
display interface nve [ nve-number ]
Parameters
Parameter Description Value
nve-number Specifies the number of
an NVE interface.
If nve-number is not
specified, information
about all NVE interfaces
is displayed.
The
number
can only
be 1.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
To monitor the status of an NVE interface or locate an NVE interface faults on a VXLAN,
run the display interface nve command to check information about the NVE interface.
Example
# Display information about NVE interface.
<HUAWEI> display interface nve 1
Nve1 current state : UP (ifindex: 711)
Line protocol current state : UP
Description:
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is -
Table 1 Description of the display interface nve command output
Item Description
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11
Table 1 Description of the display interface nve command output
Item Description
Nve1 current state Physical status of NVE interface.
The physical status retains UP
after NVE interface is created.
Line protocol current state Link layer protocol status of NVE
interface. The link layer protocol
status retains UP after NVE
interface is created.
Description NVE interface description. The
description can be modified using
the description command. If no
description is configured, nothing
is displayed for this field.
IP Sending Frames' Format is Format of the Ethernet frames
sent by NVE interface. The format
can only be PKTFMT_ETHNT_2.
NVE interface can identify the
following formats when receiving
Ethernet frames:
PKTFMT_ETHNT_2
Ethernet_SNAP
802.2
802.3
Hardware address is MAC address of NVE interface.
Currently, only a hyphen (-) is
displayed.
1.6 display mac-address bridge-domain
Function
The display mac-address bridge-domain command displays MAC address entries in a
specified bridge domain (BD).
Format
# Display all MAC address entries in specified bridge domain.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12
display mac-address [ mac-address ] bridge-domain bd-id
# Display static MAC address entries in a specified bridge domain.
display mac-address static bridge-domain bd-id
Parameters
Parameter Description Value
mac-address Displays an entry
with a specified
MAC address.
The value is in
the format of
H-H-H. Each H
is a 4-digit
hexadecimal
number, such
as 00e0 or fc01.
If an H contains
less than four
digits, 0s are
added ahead.
For example,
e0 is equal to
00e0.
bd-id Displays MAC
address entries in
a bridge domain
with a specified
ID.
The value is an
integer ranging
from 1 to
32768.
static Displays static
MAC address
entries.
The static
parameter
configured in this
command helps
verify that a user
device is correctly
bound to an
interface so that
the device secure
authorized user's
communication.
-
Views
All views
Default Level
1: Monitoring level
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13
Usage Guidelines
To adapt to a changing network, the MAC address table needs to be updated constantly.
To check MAC address entries in a BD, run the display mac-address bridge-domain
command.
Example
# Display all MAC address entries in bridge domain 10.
<HUAWEI> display mac-address bridge-domain 1019
Flags: * - Backup
BD : bridge-domain
------------------------------------------------------------------
-------------
MAC Address VLAN/VSI/BD Learned-From
Type
------------------------------------------------------------------
-------------
e468-a356-0cb2 -/-/1019 GigabitEthernet4/0/6
dynamic
------------------------------------------------------------------
-------------
Total items: 1
Table 1 Description of the display mac-address bridge-domain command output
Item Description
Backup Backup path
MAC Address Destination MAC address
VLAN/VSI/BD VLAN: ID of a VLAN to which an interface belongs
VSI: ID of a VSI associated with an interface
BD: ID of a BD to which an interface belongs
Learned-From Static MAC address configured for an interface if the MAC address entry type is static
MAC address dynamically learned by an interface if the MAC address entry type is dynamic
Type MAC address entry type:
static: static MAC address entries
dynamic: dynamic MAC address entries.
Total items Total number of MAC address entries matching the
configured conditions.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
14
1.7 display mac-address total-number
Function
The display mac-address total-number bridge-domain command displays the total
number of MAC address entries in a bridge domain (BD).
Format
display mac-address total-number [ static ] bridge-domain bd-id
Parameters
Parameter Description Value
static Displays the
number of static
MAC address
entries.
-
bridge-domain
bd-id
Displays the
number of MAC
address entries in
a specified BD.
The value is
an integer
ranging from
1 to 32768.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
To check the total number of MAC address entries in a BD, run the display mac-address
total-number bridge-domain command.
Example
# Display the total number of MAC address entries in BD 10.
<HUAWEI> display mac-address total-number bridge-domain 10
Total number of mac-address : 5
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
15
Table 1 Description of the display mac-address total-number bridge-domain command
output
Item Description
Total number
of
mac-address
Total number of MAC address entries in the specified
BD
1.8 display vxlan tunnel
Function
The display vxlan tunnel command displays VXLAN tunnel information.
Format
display vxlan tunnel [ tunnel-id ] [ verbose ]
Parameters
Parameter Description Value
tunnel-id Specifies a
VXLAN tunnel
ID.
The value is an
integer ranging
from 1 to
4294967295.
verbose Displays detailed
VXLAN tunnel
information.
-
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After VXLAN tunnels are established, run the display vxlan tunnel command to check
tunnel information. The command output helps verify configurations and locate faults.
Example
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
16
# Display detailed VXLAN tunnel information.
<HUAWEI> display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID Source Destination State Type
--------------------------------------------------------------
33686018 1.1.1.1 2.2.2.2 up static
33686019 1.1.1.1 2.2.2.3 up static
Table 1 Description of the display vxlan tunnel command output
Item Description
Number of
vxlan
tunnel Number of VXLAN tunnels that have been established
Tunnel ID
VXLAN tunnel ID, which is automatically allocated after a
VXLAN tunnel is established
Source VXLAN tunnel's source IP address
Destination VXLAN tunnel's destination IP address
State
VXLAN tunnel status:
up: The tunnel is reachable.
down: The tunnel is unreachable.
Type
VXLAN tunnel type
The VXLAN tunnel status is determined by how peer-list
ip-address is specified in the vni vni-id head-end
peer-list ip-address &<1-10> command:
static: peer-list ip-address is statically configured.
dynamic: peer-list ip-address is dynamically learned by a routing protocol.
1.9 display vxlan vni
Function
The display vxlan vni command displays VXLAN configurations.
Format
display vxlan vni [ vni-id [ verbose ] ]
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
17
Parameters
Parameter Description Value
vni-id Specifies a VNI ID. The value is an
integer ranging
from 4096 to
16000000.
verbose Displays detailed
configurations of the
VXLAN with a
specified VNI ID.
-
Views
All views
Default Level
1: Monitoring level
Task Name and Operations
Task Name Operations
nvo3 read
Usage Guidelines
Usage Scenario
After a VXLAN is configured, to check the VNI status and BD to which the VNI is mapped,
run the display vxlan vni command. The command output helps you determine whether
the VXLAN is correctly configured.
Precautions
Before running the display vxlan vni command, ensure that the specified VNI exists.
Otherwise, the information obtained will be inapplicable.
Example
# Display VXLAN configurations.
<HUAWEI> display vxlan vni
Number of vxlan vni: 2
VNI BD-ID State
---------------------------------------
5010 10 up
5020 20 up
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
18
# Display detailed configurations of the VXLAN with VNI5000.
<HUAWEI> display vxlan vni 5000 verbose
BD ID : 10
State : up
NVE : 1610612739
Source : 1.1.1.1
UDP Port : 4789
BUM Mode : head-end
Group Address : -
Peer List : 2.2.2.2 2.2.2.3
Table 1 Description of the display vxlan vni command output
Item Description
Number
of vxlan
vni Number of VNIs configured
VNI
VNI ID, which is configured using the vxlan vni vni-id
command
BD-ID
(BD ID)
ID of the BD to which a VNI is mapped, which is configured
using the bridge-domain bd-id command
State
VNI status:
up
down
The status of a VNI is up only when the VXLAN tunnel identified by the VNI
exists and is up.
If the VNI status is down, check whether the source and
destination IP addresses displayed in the Source and Peer
List fields in the display vxlan vni command output are
consistent with those displayed in the Source and
Destination fields in the display vxlan tunnel command
output.
If they are inconsistent, the VXLAN tunnel identified by the VNI does not exist.
Run the source ip-address or vni vni-id head-end peer-list ip-address
&<1-10> command to change the source or destination IP address of the
VXLAN tunnel to ensure that the VXLAN tunnel exists.
If they are consistent, collect configuration information and contact Huawei technical support engineers.
NVE NVE interface
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
19
Table 1 Description of the display vxlan vni command output
Item Description
Source
Source VTEP's IP address, which can be configured using
the source ip-address command
UDP
Port Destination UDP port number, which is fixed at 4789
BUM
Mode
Broadcast, unknown unicast, and multicast mode, which
allows a VNI to use ingress replication to forward BUM
packets
Group
Address
Group address mode, which allows a VNI to use multicast
replication to forward BUM packets
This field displays as a hyphen (-) because multicast
replication is not supported.
Peer
List
Remote VTEPs' IP addresses, which can be configured
using the vni vni-id head-end peer-list ip-address &<1-10>
command
1.10 encapsulation (Layer 2 sub-interface view)
Function
The encapsulation command specifies an encapsulation type of packets allowed to pass
through a Layer 2 sub-interface.
The undo encapsulation command deletes an encapsulation type of packets allowed to
pass through a Layer 2 sub-interface.
By default, an encapsulation type of packets allowed to pass through a Layer 2
sub-interface is not specified.
Format
encapsulation { { dot1q vid vid } | default | untag }
undo encapsulation { { dot1q vid vid } | default | untag }
Parameters
Parameter Description Value
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
20
dot1q Indicates the dot1q
encapsulation type, which
allows a Layer 2
sub-interface to receive
tagged packets.
-
vid vid Specifies a VLAN ID in
the outer VLAN tag.
The value
is an
integer
ranging
from 1 to
4094.
default Indicates the default
encapsulation type, which
allows a Layer 2
sub-interface to receive
all packets, irrespective of
whether the packets carry
VLAN tags.
-
untag Indicates the untag
encapsulation type, which
allows a Layer 2
sub-interface to receive
only untagged packets.
-
Views
Layer 2 sub-interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
Packets on a VXLAN either carry a VLAN tags or do not carry VLAN tags. To allow these
packets to be transmitted through different Layer 2 sub-interfaces, run the encapsulation
command to configure an encapsulation type for each Layer 2 sub-interface.
Prerequisites
An Layer 2 sub-interface has been created using the interface interface-type
interface-number.subnum mode l2 command in the system view.
Precautions
Each Layer 2 sub-interface can have only one encapsulation type configured. Before
changing an encapsulation type, run the undo encapsulation command to delete the
existing encapsulation type. Then run the encapsulation command to specify an
encapsulation type.
Example
# Enable untagged encapsulation on Layer 2 sub-interface GigabitEthernet1/0/1.1.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
21
<HUAWEI> system-view
[~HUAWEI] interface ge 1/0/1.1 mode l2
[*HUAWEI-GigabitEthernet1/0/1.1] encapsulation untag
1.11 interface mode l2
Function
The interface mode l2 command creates a Layer 2 sub-interface and displays the Layer 2
sub-interface view.
The undo interface command deletes a Layer 2 sub-interface.
By default, no Layer 2 sub-interface is created.
Format
interface interface-type interface-number.subnum mode l2
undo interface interface-type interface-number.subnum
Parameters
Parameter Description Value
interface-type
interface-number.subnum
Specifies the
type and
number of a
Layer 2
sub-interface.
-
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The Virtual eXtensible Local Area Network (VXLAN) module defines Layer 2
sub-interfaces as service access points. Only Layer 2 sub-interface provide access
services. To create a Layer 2 sub-interface, run the interface mode l2 command.
Prerequisites
Before using the interface mode l2 command on a main interface, ensure that no Layer 2
sub-interface is created on the main interface. If there is a sub-interface, run the undo
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
22
interface interface-type interface-number.subinterface-number command to delete the
sub-interface.
Follow-up Procedure
Run the bridge-domain bd-id command to add a created Layer 2 sub-interface to a bridge
domain (BD) so that services can be transmitted in the bridge domain.
Precautions
Layer 2 sub-interfaces can only send access packets to bridge domains, not Layer 3
networks. Each Layer 2 sub-interface can be added to only one BD.
Example
# Create a Layer 2 sub-interface GigabitEthernet 1/0/1.1.
<HUAWEI> system-view
[~HUAWEI] interface ge 1/0/1.1 mode l2
1.12 interface nve
Function
The interface nve command creates a network virtualization edge (NVE) interface or
displays an NVE interface view.
The undo interface nve command deletes an NVE interface.
By default, no NVE interfaces are created.
Format
interface nve nve-number
undo interface nve nve-number
Parameters
Parameter Description Value
nve-number Specifies the number
of an NVE interface.
The value
ranges from 1
to 2.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
23
Usage Scenario
To exert server virtualization advantages, deploy a VXLAN on an NVE interface for
multi-tenant access. To create an NVE interface, run the interface nve command.
Precautions
After configuring a VXLAN tunnel, if you run the undo interface nve command, the
specified NVE interface and its configurations will be deleted.
Example
# Create NVE interface.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
1.13 interface vbdif
Function
The interface vbdif command creates a BDIF interface and displays the BDIF interface
view, or directly displays the BDIF interface view if the BDIF interface exists.
The undo interface vbdif command deletes a BDIF interface.
By default, no BDIF interface is created.
Format
interface vbdif bd-id
undo interface vbdif bd-id
Parameters
Parameter Description Value
bd-id Specifies a
BD ID.
The value is an
integer ranging from 1
to 32768.
Views
System view
Default Level
2: Configuration level
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
24
Usage Guidelines
Usage Scenario
IP routes are required for communication between VXLANs on different network segments
and between VXLANs and non-VXLANs.
To allow communication between these networks, run the vxlan vni command to map a
VNI to a BD in 1:1 mode, run the interface vbdif command to create a BDIF interface for
the BD, and configure an IP address for the BD. As a BDIF interface is a Layer 3 logical
interface similar to a VLANIF interface, it can have an IP address configured.
Prerequisites
A BD has been created using the bridge-domain command.
Follow-up Procedure
Run the ip address command to configure an IP address for a BDIF interface.
Example
# Create BDIF10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface vbdif 10
1.14 mac-address (BDIF interface view)
Function
The mac-address command configures a MAC address for a BDIF interface.
The undo mac-address command restores the default MAC address of a BDIF interface.
By default, the MAC address of a BDIF interface is the system MAC address.
Format
mac-address mac-address
undo mac-address
Parameters
Parameter Description Value
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
25
mac-address Specifies a
MAC
address for a
BDIF
interface.
The value is in the
format of H-H-H.
Each H is a 4-digit
hexadecimal
number, such as
00e0 or fc01. If an H
contains less than
four digits, 0s are
added ahead. For
example, e0 is equal
to 00e0. A MAC
address cannot be
all 0s or 1s or a
multicast MAC
address.
Views
BDIF interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
Figure 1 Default MAC address of BDIF interface
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
26
By default, BDIF interfaces of VXLAN Layer 3 gateways use the same MAC address, that
is the system MAC address, as shown in Figure 1.
On a network with distributed or centralized multi-active VXLAN gateways that need to be
simulated into one, you need to run the mac-address command to configure the same
MAC address for the BDIF interfaces of VXLAN Layer 3 gateways. In this way, terminals
connect to the same gateway, ensuring normal traffic forwarding and VM migration.
Configuration Impact
After you configure a MAC address for a BDIF interface, the device will actively send
gratuitous ARP packets to update the mapping between MAC addresses and interfaces of
other devices.
Configuration Impact
Currently, the SNC controller cannot deliver MAC addresses of all-active VXLAN
gateways.
Example
# Configure the MAC address 0000-5e00-0101 for BDIF10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] quit
[*HUAWEI] interface vbdif 10
[*HUAWEI-Vbdif10] mac-address 0000-5e00-0101
1.15 reset bridge-domain statistics
Function
The reset bridge-domain statistics command clears traffic statistics of a BD.
Format
reset bridge-domain bd-id statistics
Parameters
Parameter Description Value
bd-id Clears traffic
statistics of a
specified bridge
domain ID.
The value is an
integer ranging
from 1 to
32768.
Views
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
27
User view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
Before you collect traffic statistics within a specified period for a BD, run the reset
bridge-domain statistics command to clear existing statistics so that traffic statistics can
be collected again, ensuring that the statistics are correct.
Prerequisites
A BD has been created using the bridge-domain bd-id command in the system view.
Precautions
Traffic statistics of a BD are cleared and cannot be restored. Exercise caution when
running the reset bridge-domain statistics command.
Example
# Clear traffic statistics of BD 10.
<HUAWEI> reset bridge-domain 10 statistics
1.16 reset mac-address bridge-domain
Function
The reset mac-address bridge-domain command deletes dynamically learned MAC
address entries in a bridge domain (BD).
Format
reset mac-address bridge-domain bd-id
Parameters
Parameter Description Value
bd-id Deletes MAC
address entries with a
specified bridge
domain ID.
The value is
an integer
ranging from 1
to 32768.
Views
User view
Default Level
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
28
2: Configuration level
Usage Guidelines
Usage Scenario
To delete dynamically learned MAC address entries (entries to be deserted, for example)
in a BD, run the reset mac-address bridge-domain command.
Prerequisites
A BD has been created using the bridge-domain bd-id command in the system view.
Precautions
After the reset mac-address bridge-domain command is run, the dynamically learned
MAC address entries are deleted and cannot be restored. Exercise caution when running
the command.
Currently, you can only delete VXLAN MAC address entries by the BD.
Example
# Delete MAC address entries in a specified BD 10.
<HUAWEI> reset mac-address bridge-domain 10
1.17 source (NVE interface view)
Function
The source command configures an IP address for a source VXLAN tunnel endpoint
(VTEP).
The undo source command deletes the IP address of a source VTEP.
By default, no IP address is configured for any source VTEP.
Format
source ip-address
undo source [ ip-address ]
Parameters
Parameter Description Value
ip-address Specifies an IP
address for a
source VTEP.
The value is in
dotted decimal
notation.
Views
NVE interface view
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
29
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
A VTEP is a VXLAN tunnel endpoint that encapsulates or decapsulates VXLAN packets. It
is represented by a network virtualization edge (NVE).
To configure an IP address for a source VTEP, run the source command. In VXLAN
packets, the source IP address is the source VTEP's IP address, and the destination IP
address is a remote VTEP's IP address. This pair of VTEP addresses corresponds to a
VXLAN tunnel.
Precautions
Either a physical interface's IP address or loopback interface address can be specified for
a source VTEP. Using the loopback interface address as the source VTEP's IP address is
recommended.
Example
# Configure the IP address 1.1.1.1 for a source VTEP.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] source 1.1.1.1
1.18 statistics enable (BD view)
Function
The statistics enable command enables traffic statistics collection for a bridge domain
(BD).
The undo statistics enable command disables traffic statistics collection in a BD.
By default, traffic statistics collection is disabled in BDs.
Format
statistics enable
undo statistics enable
Parameters
None
Views
BD view
Default Level
2: Configuration level
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
30
Usage Guidelines
Usage Scenario
By default, traffic statistics collection is disabled in BDs. Before you run the display
bridge-domain statistics command to view traffic statistics for fault locating, run the
statistics enable command in the BD view to enable traffic statistics collection. If traffic
statistics collection is not enabled for a BD, you cannot obtain the traffic statistics in the
BD.
Precautions
After traffic statistics collection is enabled for a BD, the device counts every packet received in the BD. If a large number of packets pass through the BD, the device counts all these packets and subsequently stores large amounts of statistics, causing device operation performance to deteriorate.
If traffic statistics collection is not needed in a BD, run the undo statistics enable command to disable the function.
Traffic statistics in the outbound direction do not contain packets forwarded at Layer 3.
Follow-up Procedure
Run the display bridge-domain statistics command to view traffic statistics in the BD.
The command output helps locate faults.
Example
# Enable traffic statistics collection for BD 10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] statistics enable
1.19 vni head-end peer-list
Function
The vni head-end peer-list command configures an ingress replication list for a VXLAN
network identifier (VNI).
The undo vni head-end peer-list command deletes the ingress replication list of a VNI.
By default, no ingress replication list is configured for any VNI.
Format
vni vni-id head-end peer-list ip-address &<1-10>
vni vni-id
undo vni vni-id [ head-end peer-list ip-address &<1-10> ]
Parameters
Parameter Description Value
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
31
vni-id Specifies a VNI ID. The value is an
integer ranging
from 4096 to
16000000.
ip-address Specifies the IP
address of a remote
VXLAN tunnel
endpoints (VTEP).
The value is in
dotted decimal
notation.
Views
NVE interface view
Default Level
2: Configuration level
Task Name and Operations
Task Name Operations
nvo3 write
Usage Guidelines
Usage Scenario
If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN
segment, run the vni head-end peer-list command to configure an ingress replication list
that contains the IP addresses of those remote VTEPs. After the source NVE receives
broadcast, unknown unicast, and multicast (BUM) packets, the local VTEP sends a copy
of the BUM packets to every VTEP in the list.
Configuration Impact
Ingress replication allows BUM packets to be transmitted in broadcast mode, independent
of multicast routing protocols.
Precautions
Even if a source VTEP connects only to one remote VTEP, you still need to run the vni
head-end peer-list command to configure an ingress replication list with the remote
VTEP's IP address specified.
Example
# Configure an ingress replication list for VNI5010, with the remote VTEPs' IP addresses
being 2.2.2.2 and 3.3.3.3.
<HUAWEI> system-view
[~HUAWEI] interface nve 1
[*HUAWEI-Nve1] vni 5010 head-end peer-list 2.2.2.2 3.3.3.3
HUAWEI NetEngine Router
Configuration Guide - VxLAN 1 Configuration Command
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
32
1.20 vxlan vni
Function
The vxlan vni command creates a VXLAN network identifier (VNI) and maps a VNI to a
bridge domain (BD) in 1:1 mode.
The undo vxlan vni command deletes the mapping between a VNI and a BD.
By default, no VNI is created.
Format
vxlan vni vni-id
undo vxlan vni vni-id
Parameters
Parameter Description Value
vni-id Specifies a
VNI ID.
The value is an integer
ranging from 4096 to
16000000.
Views
BD view
Default Level
2: Configuration level
Task Name and Operations
Task Name Operations
nvo3 write
Usage Guidelines
A virtual network (VN) on a VXLAN is a virtual broadcast domain. To allow a BD to function
as a VXLAN network entity to transmit VXLAN traffic, run the vxlan vni command to map
a VNI to a BD in 1:1 mode.
Example
# Map VNI5000 to BD10.
<HUAWEI> system-view
[~HUAWEI] bridge-domain 10
[*HUAWEI-bd10] vxlan vni 5000
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
33
2 VxLAN Configuration
2.1 VXLAN Overview
This section describes the definition, purpose, and benefits of the Virtual eXtensible Local
Area Network (VXLAN).
Definition
VXLAN is a Network Virtualization over Layer 3 (NVO) technology that uses MAC in User
Datagram Protocol (MAC-in-UDP) to encapsulate packets.
Purpose
Server virtualization is a critical cloud computing technology, and has been widely
deployed because it significantly reduces IT and operation and maintenance (O&M) costs
and facilitates more flexible service deployment.
Figure 1 Server virtualization networking
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
34
On the network shown in Figure 1, one server is virtualized into multiple virtual machines (VMs), each of
which acts as a host. However, the exponential increase in the number of hosts leads to the following
problems on a virtual network:
Network isolation capabilities are limited.
Most networks use VLANs or virtual private networks (VPNs) for network isolation. However, these two
network isolation technologies have the following limitations on large-scale virtualized networks:
The VLAN tag field, as defined in IEEE 802.1Q, has only 12 bits, and can only identify a maximum of 4096 VLANs, making it insufficient for identifying users on large Layer 2 networks.
VLANs or VPNs cannot support dynamic network adjustment on traditional Layer 2 networks.
VM migration scope is limited by the network architecture.
After VMs are started, they may need to be migrated from one server to another due to server resource
problems (for example, CPU overload or insufficient memory). To ensure uninterrupted services during
VM migration, the IP and MAC addresses of VMs must remain unchanged. To meet this requirement,
the service network must be a Layer 2 network that provides multipath redundancy and reliability.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
35
VXLAN addresses the above problems on large Layer 2 networks as follows:
Limited network isolation capabilities
VXLAN uses a VXLAN network identifier (VNI) field similar to the VLAN ID field defined in IEEE 802.1Q.
The VNI field has 24 bits and can identify a maximum of 16M VXLAN segments theoretically.
VM migration scope limitations imposed by network architecture
When VXLAN is used to construct a large Layer 2 network, VM IP and MAC addresses can remain
unchanged after VM migration.
Benefits
When server virtualization is widely deployed in data centers based on physical network infrastructure,
VXLAN offers the following benefits:
Supports a maximum of 16M VXLAN segments with 24-bit VNIs, so a data center can accommodate a large number of tenants.
Extends Layer 2 networks using MAC-in-UDP encapsulation and decouples physical and virtual networks. Tenants can plan their own virtual networks, without being limited by the physical network IP addresses or broadcast domains. This greatly simplifies network management.
2.2 Configuring VXLAN (in Single-Node Mode)
This section describes how to configure VXLAN directly on the device.
2.2.1 Configuring Communication Within a Network Segment Through a VXLAN Tunnel
A VXLAN Layer 2 gateway can implement communication between users on the same network segment
through a VXLAN tunnel and connect tenants to the VXLAN virtualized network.
Usage Scenario
An enterprise allocates physical servers and VMs on the same network segment to a tenant. When the
VMs need to communicate with one another or the physical servers, you need to configure VXLAN
Layer 2 gateways to establish VXLAN tunnels.
As shown in Figure 1:
When VM1 on Server2 needs to communicate with VM1 on Server1, configure VXLAN Layer 2 gateways on Device1 and Device2 to establish VXLAN tunnels between them.
When VM1 on Server2 needs to communicate with Server3 or Server4, configure VXLAN Layer 2 gateways on Device2, Device3, and Device4 to establish VXLAN tunnels between Device2 and Device3 or between Device2 and Device4.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
36
Figure 1 Configuring communication within a network segment through a VXLAN tunnel
Encapsulation and decapsulation of VXLAN packets are implemented on the devices supporting NVE.
Therefore, you need to perform this task on all the NVE-enabled devices, including Device1, Device2,
Device3, and Device4.
Pre-configuration Tasks
Before configuring communication within a network segment through a VXLAN tunnel, complete the
following tasks:
Implementing Layer 3 route reachability
2.2.1.1 Configuring Service Access Points to Differentiate Service Traffic
Context
On the VXLAN network, you need to configure VXLAN service access points on a VXLAN network edge
node. Currently, the device supports two methods for configuring VXLAN service access points: through
Layer 2 sub-interfaces and through binding between VLAN and bridge domain (BD).
Procedure
1. Create a VXLAN BD.
a. Run:
system-view
The system view is displayed.
b. Run:
bridge-domain bd-id
A BD is created, and the BD view is displayed.
By default, no BD is created.
c. (Optional) Run:
description description
The description of the BD is configured.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
37
By default, no bridge domain description is configured.
A VXLAN network may have multiple BDs. To facilitate forwarder memorization and
management, run the description command to configure description for the BDs, for example,
the service type.
d. Run:
quit
Return to the system view.
2. Configure VXLAN service access points. (Use either of the following methods as required.)
Configuring VXLAN service access points through binding between VLAN and BD
a. Run:
bridge-domain bd-id
The BD view is displayed.
b. Run:
l2 binding vlan vlan-id
A VLAN is bound to a BD.
By default, a VLAN is not bound to a BD.
Before running this command, ensure that a VLAN has been created. After a VLAN is
bound to a BD, interfaces added to the VLAN become VXLAN service access points
automatically.
Configuring VXLAN service access points through Layer 2 sub-interfaces
a. Run:
interface interface-type interface-number.subnum mode l2
The specified Layer 2 Ethernet sub-interface view is displayed.
By default, no Layer 2 sub-interface is created.
The subnum parameter specifies the number of the Ethernet sub-interface
Before running this command, ensure that the port link-type dot1q-tunnel command is
not configured for the corresponding Layer 2 main interface.
b. Run:
encapsulation { dot1q vid vid | default | untag }
The flow encryption type is configured to send different data packets to different interfaces.
By default, no flow encryption type is configured.
c. Run:
bridge-domain bd-id
A Layer 2 sub-interface is added to a BD.
By default, the Layer 2 sub-interface is not added to a BD.
3. Run:
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
38
commit
The configuration is committed.
Example
<HUAWEI> display bridge-domain 10
--------------------------------------------------------------------------------
MAC_LRN: MAC learning; STAT: Statistics; SPLIT: Split-horizon;
BC: Broadcast; MC: Unknown multicast; UC: Unknown unicast;
*down: Administratively down; FWD: Forward; DSD: Discard;
U: Up; D: Down;
--------------------------------------------------------------------------------
BDID Ports
--------------------------------------------------------------------------------
10 GE 1/0/1.1(D)
BDID State MAC-LRN STAT BC MC UC SPLIT Description
--------------------------------------------------------------------------------
10 down enable disable FWD FWD FWD disable vm1
2.2.1.2 Configuring a VXLAN Tunnel to Forward Service Traffic
Context
VXLAN is a tunnel encapsulation technology for large Layer 2 virtual networks. It uses MAC-in-UDP
encapsulation to extend Layer 2 networks.
VXLAN allows a virtual network to provide access services to a large number of tenants. In addition,
tenants are able to plan their own virtual networks, not limited by the physical network IP addresses or
broadcast domains. This greatly simplifies network management.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
bridge-domain bd-id
A BD is created, and the BD view is displayed.
By default, no BD is created.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
39
The value of bd-id in this step must be the same as the bd-id created in step 2 of Configuring Service
Access Points to Differentiate Service Traffic.
3. Run:
vxlan vni vni-id
A VNI is created and mapped to the BD.
By default, no VNI is created.
4. Run:
quit
Return to the system view.
5. Run:
interface nve nve-number
An NVE interface is created, and the NVE interface view is displayed.
By default, no NVE interfaces are created.
6. Run:
source ip-address
An IP address is configured for the source VTEP.
By default, no IP address is configured for any source VTEP. The IP address of a loopback interface is
recommended.
7. Run:
vni vni-id head-end peer-list ip-address &<1-10>
An ingress replication list for a VNI is configured.
By default, no ingress replication list is configured for any VNI.
8. Run:
commit
The configuration is committed.
2.2.1.3 Checking the Configurations
Context
After configurations for the VXLAN are complete, run the commands to check the configurations.
Procedure
Run the display vxlan tunnel [ tunnel-id ] [ verbose ] command to check VXLAN tunnel information.
Run the display vxlan vni [ vni-id [ verbose ] ] command to check VXLAN configurations.
<HUAWEI> display vxlan tunnel
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
40
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type
--------------------------------------------------------------
4026531841 1.1.1.1 2.2.2.2 up static
<HUAWEI> display vxlan vni
Number of vxlan vni : 1
VNI BD-ID State
---------------------------------------
5010 10 up
2.3 Maintaining VXLAN
This section describes how to clear VXLAN related statistics and monitor the VXLAN operating status.
2.3.1 Clearing VXLAN Packet Statistics
Context
Before you collect VXLAN packet statistics within a certain period, clear the existing statistics on the
device to ensure statistics accuracy.
Procedure
Run the reset bridge-domain bd-id statistics command in the user view to clear packets of a specified BD statistics.
2.3.2 Monitoring the VXLAN Operating Status
Context
During the routine maintenance, you can run the following commands in any view to learn the VXLAN
operating status.
Procedure
Run the display bridge-domain [ bd-id [ brief | verbose ] ] command to view the BD configuration.
Run the display mac-address [ mac-address ] bridge-domain bd-id command to view all MAC address entries in a BD.
Run the reset mac-address bridge-domain bd-id command in the user view to delete dynamically
learned MAC address entries in a BD. After dynamic MAC address entries are deleted, services will be
interrupted temporarily, and historical entries cannot be restored. Exercise caution when you run this
command.
Run the display mac-address static bridge-domain bd-id command to view static MAC address entries in a BD.
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
41
Run the display mac-address total-number [ static ] bridge-domain bd-id command to view the number of MAC address entries in a BD.
2.3.3 Configuring the VXLAN Alarm Report Function
Context
You can configure the alarm report function, which help you obtain real-time running status of the VXLAN
network and facilitate operation and maintenance.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
snmp-agent trap enable feature-name nvo3 [ trap-name { hwnvo3vxlantnldown |
hwnvo3vxlantnlup } ]
Alarm report for the VXLAN is enabled.
By default, alarm report for the VXLAN is disabled.
3. Run:
commit
The configuration is committed.
Checking the Configuration
After completing the alarm report for VXLAN, you can run the following command to check whether
alarm report is enabled.
Run the display snmp-agent trap feature-name nvo3 all command to check all trap functions of the VXLAN module.
2.4 Configuration Example
This section provides several configuration examples of VXLAN. In each configuration example, the
networking requirements, configuration roadmap, configuration procedures, and configuration files are
provided.
2.4.1 Example for Configuring Users on the Same Network Segment to Communicate Through a VXLAN Tunnel(In Single-Node Mode)
Networking Requirements
On the network shown in Figure 1, an enterprise has VMs deployed in different data centers. VM1 on
Server1 belongs to VLAN10, and VM1 on Server2 belongs to VLAN20. VM1 on Server1 and VM1 on
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
42
Server2 reside on the same network segment. To allow VM1s in different data centers to communicate
with each other, configure a VXLAN tunnel between Device1 and Device3.
Figure 1 Configuring users on the same network segment to communicate through a
VXLAN tunnel
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on Device1, Device2, and Device3 to allow them to communicate at Layer 3.
2. Configure a service access point on Device1 and Device3 to differentiate service traffic.
3. Configure a VXLAN tunnel on Device1 and Device3 to forward service traffic.
Data Preparation
To complete the configuration, you need the following data:
VMs' VLAN IDs (10 and 20)
Interface IP addresses for device interconnection
Routing protocol: Open Shortest Path First (OSPF)
BD ID (10)
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
43
VNI ID (5010)
Procedure
1. Configure a routing protocol.
Assign an IP address to each interface on Device1, Device2, and Device3 according to Figure 1. When
OSPF is used, the devices advertise the 32-bit loopback IP addresses.
# Configure Device1. The configuration on Device2 and Device 3 are similar to the configuration on
Device1 and are not mentioned here.
<HUAWEI> system-view
[~HUAWEI] sysname Device1
[*HUAWEI] commit
[~Device1] interface loopback 1
[*Device1-LoopBack1] ip address 10.2.2.2 32
[*Device1-LoopBack1] quit
[*Device1] interface GigabitEthernet 1/0/1
[*Device1-GigabitEthernet1/0/1] undo portswitch
[*Device1-GigabitEthernet1/0/1] ip address 192.168.1.1 24
[*Device1-GigabitEthernet1/0/1] quit
[*Device1] ospf
[*Device1-ospf-1] area 0
[*Device1-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0
[*Device1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[*Device1-ospf-1-area-0.0.0.0] quit
[*Device1-ospf-1] quit
[*Device1] commit
After OSPF is configured, the devices can use OSPF to learn the IP addresses of loopback interfaces
of each other and successfully ping each other. The following example shows the command output on
Device1 after it pings Device3:
[~Device1] ping 10.4.4.4
PING 10.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.4.4.4: bytes=56 Sequence=1 ttl=254 time=5 ms
Reply from 10.4.4.4: bytes=56 Sequence=2 ttl=254 time=2 ms
Reply from 10.4.4.4: bytes=56 Sequence=3 ttl=254 time=2 ms
Reply from 10.4.4.4: bytes=56 Sequence=4 ttl=254 time=3 ms
Reply from 10.4.4.4: bytes=56 Sequence=5 ttl=254 time=3 ms
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
44
--- 10.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/3/5 ms
2. Configure the tunnel mode and enable the NVO3 ACL extension function.
# Configure Device1. The configuration on Device3 is similar to the configuration on Device1 and is not
mentioned here.
[~Device1] ip tunnel mode vxlan
[*Device1] assign forward nvo3 acl extend enable
[*Device1] commit
3. Configure a service access point on Device1 and Device3.
# Configure Device1. The configuration on Device3 is similar to the configuration on Device1 and is not
mentioned here.
[~Device1] vlan 10
[*Device1-vlan10] quit
[*Device1] bridge-domain 10
[*Device1-bd10] l2 binding vlan 10
[*Device1-bd10] quit
[*Device1] interface GigabitEthernet 1/0/2
[*Device1-GigabitEthernet1/0/2] port link-type trunk
[*Device1-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1
[*Device1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[*Device1-GigabitEthernet1/0/2] quit
[*Device1] commit
4. Configure a VXLAN tunnel on Device1 and Device3.
# Configure Device1. The configuration on Device3 is similar to the configuration on Device1 and is not
mentioned here.
[~Device1] bridge-domain 10
[~Device1-bd10] vxlan vni 5010
[*Device1-bd10] quit
[*Device1] interface nve 1
[*Device1-Nve1] source 10.2.2.2
[*Device1-Nve1] vni 5010 head-end peer-list 10.4.4.4
[*Device1-Nve1] quit
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
45
[*Device1] commit
5. Verify the configuration.
After completing the configurations, run the display vxlan vni and display vxlan tunnel commands on
Device1 and Device3 to check the VNI status and VXLAN tunnel information, respectively. The VNIs
are up on Device1 and Device3. The following example shows the command output on Device1.
[~Device1] display vxlan vni
Number of vxlan vni : 1
VNI BD-ID State
---------------------------------------
5010 10 up
[~Device1] display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type
--------------------------------------------------------------
4026531841 10.2.2.2 10.4.4.4 up static
By now, users on the same network can communicate through the VXLAN tunnel.
Configuration Files
Configuration file of Device1
#
sysname Device1
#
bridge-domain 10
vxlan vni 5010
#
aaa
local-user user@domain password irreversible-cipher
$1a$VSrx#20q.7$U6bK2gqMW+a*vX@c$-$59i|Z*/,T$9*q2j!~PY'/$
local-user user@domain service-type ssh
local-user user@domain user-group manage-ug
#
interface GigabitEthernet1/0/1
undo portswitch
undo shutdown
ip address 192.168.1.1 255.255.255.0
#
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
46
interface GigabitEthernet1/0/2
undo portswitch
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
encapsulation dot1q vid 10
bridge-domain 10
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.1.1.2 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
interface Nve1
source 2.2.2.2
vni 5010 head-end peer-list 3.3.3.3
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
#
snetconf server enable
ssh user user@domain
ssh user user@domain authentication-type password
ssh user user@domain service-type snetconf
#
user-interface vty 0 4
authentication-mode aaa
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
47
protocol inbound ssh
#
return
Configuration file of Device2
#
sysname Device2
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.0
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
Configuration file of Device3
#
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
48
sysname Device3
#
bridge-domain 10
vxlan vni 5010
#
aaa
local-user user@domain password irreversible-cipher
$1a$VSrx#20q.7$U6bK2gqMW+a*vX@c$-$59i|Z*/,T$9*q2j!~PY'/$
local-user user@domain service-type ssh
local-user user@domain user-group manage-ug
#
interface GigabitEthernet1/0/1
undo portswitch
undo shutdown
ip address 192.168.2.2 255.255.255.0
#
interface GigabitEthernet1/0/2
undo portswitch
undo shutdown
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/2.1
encapsulation dot1q vid 20
bridge-domain 10
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.3.1.2 255.255.255.0
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
interface Nve1
source 4.4.4.4
HUAWEI NetEngine Router
Configuration Guide - VxLAN 2 VxLAN Configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
49
vni 5010 head-end peer-list 3.3.3.3
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.3.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
snetconf server enable
ssh user user@domain
ssh user user@domain authentication-type password
ssh user user@domain service-type snetconf
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return