huawei netengine router v800r008c10 feature … ne...huawei netengine router v800r008c10 feature...

HUAWEI NetEngine Router V800R008C10

Feature Description - IP Routing

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd. i

Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior

written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective

holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and

the customer. All or part of the products, services and features described in this document may not be

within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,

information, and recommendations in this document are provided "AS IS" without warranties, guarantees or

representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang

Shenzhen 518129

People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

http://www.huawei.com/

mailto:[email protected]

HUAWEI NetEngine Router

Configuration Guide - VxLAN About This Document


Copyright © Huawei Technologies Co., Ltd.

ii

About This Document

Intended Audience

This document describes the IP Routing features in terms of its overview, principle, and

applications.

This document together with other types of document helps intended readers get a deep

understanding of the Security features.

This document is intended for:

Network planning engineers

Commissioning engineers

Data configuration engineers

System maintenance engineers

Related Versions (Optional)

The following table lists the product versions related to this document.

Product Name Version

HUAWEI NetEngine Router V800R008C10

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk, which

if not avoided, could result in minor or moderate injury.


Configuration Guide - VxLAN About This Document



iii

Symbol Description

Indicates a potentially hazardous situation, which if not

avoided, could result in equipment damage, data loss,

performance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or save

time.

Provides additional information to emphasize or supplement

important points of the main text.


Configuration Guide - VxLAN Contents



iv

Contents

About This Document .................................................................................................................... ii

1 Configuration Command............................................................................................................. 1

1.1 bridge-domain (System view) .......................................................................................................................... 1

1.2 description (BD view) ...................................................................................................................................... 2

1.3 display bridge-domain ...................................................................................................................................... 3

1.4 display bridge-domain statistics ....................................................................................................................... 8

1.5 display interface nve....................................................................................................................................... 10

1.6 display mac-address bridge-domain ............................................................................................................... 11

1.7 display mac-address total-number .................................................................................................................. 14

1.8 display vxlan tunnel ....................................................................................................................................... 15

1.9 display vxlan vni ............................................................................................................................................ 16

1.10 encapsulation (Layer 2 sub-interface view) ................................................................................................. 19

1.11 interface mode l2 .......................................................................................................................................... 21

1.12 interface nve ................................................................................................................................................. 22

1.13 interface vbdif .............................................................................................................................................. 23

1.14 mac-address (BDIF interface view) ............................................................................................................. 24

1.15 reset bridge-domain statistics ....................................................................................................................... 26

1.16 reset mac-address bridge-domain ................................................................................................................. 27

1.17 source (NVE interface view) ........................................................................................................................ 28

1.18 statistics enable (BD view) ........................................................................................................................... 29

1.19 vni head-end peer-list ................................................................................................................................... 30

1.20 vxlan vni ....................................................................................................................................................... 32

2 VxLAN Configuration ................................................................................................................ 33

2.1 VXLAN Overview ......................................................................................................................................... 33

2.2 Configuring VXLAN (in Single-Node Mode) ............................................................................................ 35

2.2.1 Configuring Communication Within a Network Segment Through a VXLAN Tunnel ............... 35

2.2.1.1 Configuring Service Access Points to Differentiate Service Traffic ............................................ 36

2.2.1.2 Configuring a VXLAN Tunnel to Forward Service Traffic ......................................................... 38

2.2.1.3 Checking the Configurations ....................................................................................................... 39

2.3 Maintaining VXLAN ..................................................................................................................................... 40

2.3.1 Clearing VXLAN Packet Statistics ....................................................................................................... 40


Configuration Guide - VxLAN Contents



v

2.3.2 Monitoring the VXLAN Operating Status ............................................................................................ 40

2.3.3 Configuring the VXLAN Alarm Report Function................................................................................. 41

2.4 Configuration Example ............................................................................................................................... 41

2.4.1 Example for Configuring Users on the Same Network Segment to Communicate Through a VXLAN

Tunnel(In Single-Node Mode) ....................................................................................................................... 41


Configuration Guide - VxLAN 1 Configuration Command



1

1 Configuration Command

1.1 bridge-domain (System view)

Function

The bridge-domain command creates a bridge domain (BD) and displays the BD view, or

directly displays the BD view if the BD exists.

The undo bridge-domain command deletes a BD.

By default, no BD is created.

Format

bridge-domain bd-id

undo bridge-domain bd-id

Parameters

Parameter Description Value

bd-id Specifies a

BD ID.

The value is an

integer ranging from 1

to 32768.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A virtual network (VN) on a VXLAN is a virtual broadcast domain. VXLAN network

identifiers (VNIs) identifying VNs must be mapped to BDs in 1:1 mode so that a BD can





2

function as a VXLAN network entity to transmit VXLAN traffic. To create a BD, run the

bridge-domain command.

Follow-up Procedure

Run the interface vbdif fp-id:bd-id command to create a Layer 3 BDIF interface for a BD.

A BD functions similar to a VLAN as a broadcast domain. A BDIF interface, also similar to

a VLANIF interface, can be used for Layer 2 termination and Layer 3 access.

Example

# Create a BD with the ID of 10.

<HUAWEI> system-view

[~HUAWEI] bridge-domain 10

1.2 description (BD view)

Function

The description command configures a description for a bridge domain (BD).

The undo description command deletes the description of a BD.

By default, no description is configured for any BD.

Format

description description

undo description

Parameters


description Specifies a

description.

The value is a string of

1 to 80 case-sensitive

characters, spaces

supported.

Views

BD view

Default Level


Usage Guidelines





3

If the bridge-domain bd-id command has been run several times to configure multiple

BDs, run the description command to configure a description for each BD. The

description helps rapidly understand the BD's function, which facilitates service

management.

Example

# Configure the description VXLAN for the BD with the ID of 10.



[*HUAWEI-bd10] description VXLAN

1.3 display bridge-domain

Function

The display bridge-domain command displays BD configurations.

Format

display bridge-domain [ bd-id [ brief | verbose ] ]

Parameters


bd-id Specifies a BD ID. The value is an

integer ranging

from 1 to 32768.

brief Displays brief BD

configurations.

-

verbose Displays detailed

BD configurations.

-

Views

All views

Default Level

1: Monitoring level





4

Usage Guidelines

After creating BDs, run the display bridge-domain command to check BD configurations.

The command output helps verify configurations and locate faults.

Example

# Display configurations of all BDs.

<HUAWEI> display bridge-domain

The total number of bridge-domains is : 2

------------------------------------------------------------------

--------------

MAC_LRN: MAC learning; STAT: Statistics; SPLIT:

Split-horizon;

BC: Broadcast; MC: Unknown multicast; UC: Unknown

unicast;

*down: Administratively down; FWD: Forward; DSD: Discard;

------------------------------------------------------------------

--------------

BDID State MAC-LRN STAT BC MC UC SPLIT Description

------------------------------------------------------------------

--------------

10 up enable disable FWD FWD FWD disable vni 5010

20 up enable disable FWD FWD FWD disable vni 5020

# Display the configurations of bridge domain 10.

<HUAWEI> display bridge-domain 10

------------------------------------------------------------------

--------------

MAC_LRN: MAC learning; STAT: Statistics; SPLIT:

Split-horizon;

BC: Broadcast; MC: Unknown multicast; UC: Unknown

unicast;


U: Up; D: Down;

------------------------------------------------------------------

--------------

BDID Ports

------------------------------------------------------------------

--------------





5

10


------------------------------------------------------------------

--------------

10 down enable disable FWD FWD FWD disable

BDID VLANIDs

------------------------------------------------------------------

--------------

10 1(D)

# Display detailed configurations of bridge domain 10.

<HUAWEI> display bridge-domain 10 verbose

Bridge-domain ID : 10

Description : vni 5010

State : Up

MAC Learning : Enable

Statistics : Disable

Broadcast : Forward

Unknown-unicast : Forward

Unknown-multicast : Forward

Split-horizon : Disable

----------------

Interface State

Eth-Trunk0.9040 up

Eth-Trunk100.3 up

Item Description

The total number

of bridge-domains

is

Total number of BDs configured.

BDID BD ID.

A BD ID can be configured using the

bridge-domain bd-id command in the system

view.





6

Item Description

State BD status:

up

down

MAC-LRN Whether MAC address learning is enabled for a

BD:

disable

enable

STAT Whether traffic statistics collection is enabled for

a BD:

disable

enable

Traffic statistics collection can be enabled using

the statistics enable command in the BD view.

BC Whether broadcast packets are forwarded in a

BD:

FWD: Broadcast packets are forwarded.

DSD: Broadcast packets are discarded.

MC Whether multicast packets are forwarded in a BD:

FWD: Multicast packets are forwarded.

DSD: Multicast packets are discarded.

UC Whether unknown unicast packets are forwarded

in a BD:

FWD: Unknown unicast packets are forwarded.

DSD: Unknown unicast packets are discarded.

SPLIT Whether split horizon is enabled for a BD:

disable

enable

Description Description of a BD.

A description can be configured for a BD using

the description (BD view) command.

VLANIDs ID of the VLAN bound to a BD.

Table Description of the display bridge-domain verbose command output

Item Description

Bridge-domain ID BD ID.

A BD ID can be configured using the

bridge-domain bd-id command in the system

view.





7

Item Description

Description Description of a BD.

A description can be configured for a BD using

the description (BD view) command.

State BD status:

Up

Down

MAC Learning Whether MAC address learning is enabled for a

BD:

Disable

Enable

Statistics Whether traffic statistics collection is enabled for

a BD:

Disable

Enable

Traffic statistics collection can be enabled using

the statistics enable command in the BD view.

Broadcast Whether broadcast packets are forwarded in a

BD:

Forward: Broadcast packets are forwarded.

Discard: Broadcast packets are discarded.

Unknown-unicast Whether unknown unicast packets are forwarded

in a BD:

Forward: Unknown unicast packets are forwarded.

Discard: Unknown unicast packets are discarded.

Unknown-multicast Whether multicast packets are forwarded in a BD:

Forward: Multicast packets are forwarded.

Discard: Multicast packets are discarded.

Split-horizon Whether split horizon is enabled for a BD:

Disable

Enable

Interface State Status of each Layer 2 sub-interface added to a

bridge domain.

up: The data link layer protocol of the Layer 2 sub-interface starts properly.

down: The data link layer protocol of the Layer 2 sub-interface starts is abnormal.

In VXLAN dual-active access networking, after an

interface is configured as a peer-link interface,

the device automatically creates a QinQ

sub-interface for each VNI on the interface. The

QinQ sub-interface is used to add the two

M-LAG-enabled devices to the corresponding BD





8

Item Description

of the VNI. Users cannot perform operations on

the QinQ sub-interface.

1.4 display bridge-domain statistics

Function

The display bridge-domain statistics command displays traffic statistics of a bridge

domain (BD).

Format

display bridge-domain bd-id statistics

Parameters


bd-id Specifies a

BD ID.

The value is an


to 32768.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To check traffic statistics of a BD when monitoring it, run the display bridge-domain

statistics command. The command output helps locate faults.

Prerequisites





9

To ensure that the display bridge-domain statistics command displays valid statistics

entries, you must have performed the following operations before running the display

bridge-domain statistics command:

1. A BD has been created using the bridge-domain bd-id command in the system view.

2. Traffic statistics collection has been enabled for the BD using the statistics enable command in the BD view.

Example

# Display traffic statistics of BD10.

<HUAWEI> display bridge-domain 10 statistics

Slot: 1/3

------------------------------------------------------------------

--------

Item Packets Bytes

------------------------------------------------------------------

--------

Inbound 0 0

Outbound 0 0

------------------------------------------------------------------

--------

Table Description of the display bridge-domain statistics command output

Item Description

Slot Slot number.

Item Statistics items to be displayed.

Packets Number of packets.

Bytes Number of bytes.

Inbound Number of packets received in the BD.

Outbound Number of packets sent from the BD





10

1.5 display interface nve

Function

The display interface nve command displays information about network virtualization

edge (NVE) interfaces.

Format

display interface nve [ nve-number ]

Parameters


nve-number Specifies the number of

an NVE interface.

If nve-number is not

specified, information

about all NVE interfaces

is displayed.

The

number

can only

be 1.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To monitor the status of an NVE interface or locate an NVE interface faults on a VXLAN,

run the display interface nve command to check information about the NVE interface.

Example

# Display information about NVE interface.

<HUAWEI> display interface nve 1

Nve1 current state : UP (ifindex: 711)

Line protocol current state : UP

Description:

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is -

Table 1 Description of the display interface nve command output

Item Description





11

Table 1 Description of the display interface nve command output

Item Description

Nve1 current state Physical status of NVE interface.

The physical status retains UP

after NVE interface is created.

Line protocol current state Link layer protocol status of NVE

interface. The link layer protocol

status retains UP after NVE

interface is created.

Description NVE interface description. The

description can be modified using

the description command. If no

description is configured, nothing

is displayed for this field.

IP Sending Frames' Format is Format of the Ethernet frames

sent by NVE interface. The format

can only be PKTFMT_ETHNT_2.

NVE interface can identify the

following formats when receiving

Ethernet frames:

PKTFMT_ETHNT_2

Ethernet_SNAP

802.2

802.3

Hardware address is MAC address of NVE interface.

Currently, only a hyphen (-) is

displayed.

1.6 display mac-address bridge-domain

Function

The display mac-address bridge-domain command displays MAC address entries in a

specified bridge domain (BD).

Format

# Display all MAC address entries in specified bridge domain.





12

display mac-address [ mac-address ] bridge-domain bd-id

# Display static MAC address entries in a specified bridge domain.

display mac-address static bridge-domain bd-id

Parameters


mac-address Displays an entry

with a specified

MAC address.

The value is in

the format of

H-H-H. Each H

is a 4-digit

hexadecimal

number, such

as 00e0 or fc01.

If an H contains

less than four

digits, 0s are

added ahead.

For example,

e0 is equal to

00e0.

bd-id Displays MAC

address entries in

a bridge domain

with a specified

ID.

The value is an

integer ranging

from 1 to

32768.

static Displays static

MAC address

entries.

The static

parameter

configured in this

command helps

verify that a user

device is correctly

bound to an

interface so that

the device secure

authorized user's

communication.

-

Views

All views

Default Level

1: Monitoring level





13

Usage Guidelines

To adapt to a changing network, the MAC address table needs to be updated constantly.

To check MAC address entries in a BD, run the display mac-address bridge-domain

command.

Example

# Display all MAC address entries in bridge domain 10.

<HUAWEI> display mac-address bridge-domain 1019

Flags: * - Backup

BD : bridge-domain

------------------------------------------------------------------

-------------

MAC Address VLAN/VSI/BD Learned-From

Type

------------------------------------------------------------------

-------------

e468-a356-0cb2 -/-/1019 GigabitEthernet4/0/6

dynamic

------------------------------------------------------------------

-------------

Total items: 1

Table 1 Description of the display mac-address bridge-domain command output

Item Description

Backup Backup path

MAC Address Destination MAC address

VLAN/VSI/BD VLAN: ID of a VLAN to which an interface belongs

VSI: ID of a VSI associated with an interface

BD: ID of a BD to which an interface belongs

Learned-From Static MAC address configured for an interface if the MAC address entry type is static

MAC address dynamically learned by an interface if the MAC address entry type is dynamic

Type MAC address entry type:

static: static MAC address entries

dynamic: dynamic MAC address entries.

Total items Total number of MAC address entries matching the

configured conditions.





14

1.7 display mac-address total-number

Function

The display mac-address total-number bridge-domain command displays the total

number of MAC address entries in a bridge domain (BD).

Format

display mac-address total-number [ static ] bridge-domain bd-id

Parameters


static Displays the

number of static

MAC address

entries.

-

bridge-domain

bd-id

Displays the

number of MAC

address entries in

a specified BD.

The value is

an integer

ranging from

1 to 32768.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To check the total number of MAC address entries in a BD, run the display mac-address

total-number bridge-domain command.

Example

# Display the total number of MAC address entries in BD 10.

<HUAWEI> display mac-address total-number bridge-domain 10

Total number of mac-address : 5





15

Table 1 Description of the display mac-address total-number bridge-domain command

output

Item Description

Total number

of

mac-address

Total number of MAC address entries in the specified

BD

1.8 display vxlan tunnel

Function

The display vxlan tunnel command displays VXLAN tunnel information.

Format

display vxlan tunnel [ tunnel-id ] [ verbose ]

Parameters


tunnel-id Specifies a

VXLAN tunnel

ID.

The value is an

integer ranging

from 1 to

4294967295.


VXLAN tunnel

information.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After VXLAN tunnels are established, run the display vxlan tunnel command to check

tunnel information. The command output helps verify configurations and locate faults.

Example





16

# Display detailed VXLAN tunnel information.

<HUAWEI> display vxlan tunnel

Number of vxlan tunnel : 2

Tunnel ID Source Destination State Type

--------------------------------------------------------------

33686018 1.1.1.1 2.2.2.2 up static

33686019 1.1.1.1 2.2.2.3 up static

Table 1 Description of the display vxlan tunnel command output

Item Description

Number of

vxlan

tunnel Number of VXLAN tunnels that have been established

Tunnel ID

VXLAN tunnel ID, which is automatically allocated after a

VXLAN tunnel is established

Source VXLAN tunnel's source IP address

Destination VXLAN tunnel's destination IP address

State

VXLAN tunnel status:

up: The tunnel is reachable.

down: The tunnel is unreachable.

Type

VXLAN tunnel type

The VXLAN tunnel status is determined by how peer-list

ip-address is specified in the vni vni-id head-end

peer-list ip-address &<1-10> command:

static: peer-list ip-address is statically configured.

dynamic: peer-list ip-address is dynamically learned by a routing protocol.

1.9 display vxlan vni

Function

The display vxlan vni command displays VXLAN configurations.

Format

display vxlan vni [ vni-id [ verbose ] ]





17

Parameters


vni-id Specifies a VNI ID. The value is an

integer ranging

from 4096 to

16000000.


configurations of the

VXLAN with a

specified VNI ID.

-

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name Operations

nvo3 read

Usage Guidelines

Usage Scenario

After a VXLAN is configured, to check the VNI status and BD to which the VNI is mapped,

run the display vxlan vni command. The command output helps you determine whether

the VXLAN is correctly configured.

Precautions

Before running the display vxlan vni command, ensure that the specified VNI exists.

Otherwise, the information obtained will be inapplicable.

Example

# Display VXLAN configurations.

<HUAWEI> display vxlan vni

Number of vxlan vni: 2

VNI BD-ID State

---------------------------------------

5010 10 up

5020 20 up





18

# Display detailed configurations of the VXLAN with VNI5000.

<HUAWEI> display vxlan vni 5000 verbose

BD ID : 10

State : up

NVE : 1610612739

Source : 1.1.1.1

UDP Port : 4789

BUM Mode : head-end

Group Address : -

Peer List : 2.2.2.2 2.2.2.3

Table 1 Description of the display vxlan vni command output

Item Description

Number

of vxlan

vni Number of VNIs configured

VNI

VNI ID, which is configured using the vxlan vni vni-id

command

BD-ID

(BD ID)

ID of the BD to which a VNI is mapped, which is configured

using the bridge-domain bd-id command

State

VNI status:

up

down

The status of a VNI is up only when the VXLAN tunnel identified by the VNI

exists and is up.

If the VNI status is down, check whether the source and

destination IP addresses displayed in the Source and Peer

List fields in the display vxlan vni command output are

consistent with those displayed in the Source and

Destination fields in the display vxlan tunnel command

output.

If they are inconsistent, the VXLAN tunnel identified by the VNI does not exist.

Run the source ip-address or vni vni-id head-end peer-list ip-address

&<1-10> command to change the source or destination IP address of the

VXLAN tunnel to ensure that the VXLAN tunnel exists.

If they are consistent, collect configuration information and contact Huawei technical support engineers.

NVE NVE interface





19

Table 1 Description of the display vxlan vni command output

Item Description

Source

Source VTEP's IP address, which can be configured using

the source ip-address command

UDP

Port Destination UDP port number, which is fixed at 4789

BUM

Mode

Broadcast, unknown unicast, and multicast mode, which

allows a VNI to use ingress replication to forward BUM

packets

Group

Address

Group address mode, which allows a VNI to use multicast

replication to forward BUM packets

This field displays as a hyphen (-) because multicast

replication is not supported.

Peer

List

Remote VTEPs' IP addresses, which can be configured

using the vni vni-id head-end peer-list ip-address &<1-10>

command

1.10 encapsulation (Layer 2 sub-interface view)

Function

The encapsulation command specifies an encapsulation type of packets allowed to pass

through a Layer 2 sub-interface.

The undo encapsulation command deletes an encapsulation type of packets allowed to

pass through a Layer 2 sub-interface.

By default, an encapsulation type of packets allowed to pass through a Layer 2

sub-interface is not specified.

Format

encapsulation { { dot1q vid vid } | default | untag }

undo encapsulation { { dot1q vid vid } | default | untag }

Parameters






20

dot1q Indicates the dot1q

encapsulation type, which

allows a Layer 2

sub-interface to receive

tagged packets.

-

vid vid Specifies a VLAN ID in

the outer VLAN tag.

The value

is an

integer

ranging

from 1 to

4094.

default Indicates the default


allows a Layer 2


all packets, irrespective of

whether the packets carry

VLAN tags.

-

untag Indicates the untag


allows a Layer 2


only untagged packets.

-

Views

Layer 2 sub-interface view

Default Level


Usage Guidelines

Usage Scenario

Packets on a VXLAN either carry a VLAN tags or do not carry VLAN tags. To allow these

packets to be transmitted through different Layer 2 sub-interfaces, run the encapsulation

command to configure an encapsulation type for each Layer 2 sub-interface.

Prerequisites

An Layer 2 sub-interface has been created using the interface interface-type

interface-number.subnum mode l2 command in the system view.

Precautions

Each Layer 2 sub-interface can have only one encapsulation type configured. Before

changing an encapsulation type, run the undo encapsulation command to delete the

existing encapsulation type. Then run the encapsulation command to specify an

encapsulation type.

Example

# Enable untagged encapsulation on Layer 2 sub-interface GigabitEthernet1/0/1.1.





21


[~HUAWEI] interface ge 1/0/1.1 mode l2

[*HUAWEI-GigabitEthernet1/0/1.1] encapsulation untag

1.11 interface mode l2

Function

The interface mode l2 command creates a Layer 2 sub-interface and displays the Layer 2

sub-interface view.

The undo interface command deletes a Layer 2 sub-interface.

By default, no Layer 2 sub-interface is created.

Format

interface interface-type interface-number.subnum mode l2

undo interface interface-type interface-number.subnum

Parameters


interface-type

interface-number.subnum

Specifies the

type and

number of a

Layer 2

sub-interface.

-

Views

System view

Default Level


Usage Guidelines

Usage Scenario

The Virtual eXtensible Local Area Network (VXLAN) module defines Layer 2

sub-interfaces as service access points. Only Layer 2 sub-interface provide access

services. To create a Layer 2 sub-interface, run the interface mode l2 command.

Prerequisites

Before using the interface mode l2 command on a main interface, ensure that no Layer 2

sub-interface is created on the main interface. If there is a sub-interface, run the undo





22

interface interface-type interface-number.subinterface-number command to delete the

sub-interface.

Follow-up Procedure

Run the bridge-domain bd-id command to add a created Layer 2 sub-interface to a bridge

domain (BD) so that services can be transmitted in the bridge domain.

Precautions

Layer 2 sub-interfaces can only send access packets to bridge domains, not Layer 3

networks. Each Layer 2 sub-interface can be added to only one BD.

Example

# Create a Layer 2 sub-interface GigabitEthernet 1/0/1.1.


[~HUAWEI] interface ge 1/0/1.1 mode l2

1.12 interface nve

Function

The interface nve command creates a network virtualization edge (NVE) interface or

displays an NVE interface view.

The undo interface nve command deletes an NVE interface.

By default, no NVE interfaces are created.

Format

interface nve nve-number

undo interface nve nve-number

Parameters


nve-number Specifies the number

of an NVE interface.

The value

ranges from 1

to 2.

Views

System view

Default Level


Usage Guidelines





23

Usage Scenario

To exert server virtualization advantages, deploy a VXLAN on an NVE interface for

multi-tenant access. To create an NVE interface, run the interface nve command.

Precautions

After configuring a VXLAN tunnel, if you run the undo interface nve command, the

specified NVE interface and its configurations will be deleted.

Example

# Create NVE interface.


[~HUAWEI] interface nve 1

1.13 interface vbdif

Function

The interface vbdif command creates a BDIF interface and displays the BDIF interface

view, or directly displays the BDIF interface view if the BDIF interface exists.

The undo interface vbdif command deletes a BDIF interface.

By default, no BDIF interface is created.

Format

interface vbdif bd-id

undo interface vbdif bd-id

Parameters


bd-id Specifies a

BD ID.

The value is an


to 32768.

Views

System view

Default Level






24

Usage Guidelines

Usage Scenario

IP routes are required for communication between VXLANs on different network segments

and between VXLANs and non-VXLANs.

To allow communication between these networks, run the vxlan vni command to map a

VNI to a BD in 1:1 mode, run the interface vbdif command to create a BDIF interface for

the BD, and configure an IP address for the BD. As a BDIF interface is a Layer 3 logical

interface similar to a VLANIF interface, it can have an IP address configured.

Prerequisites

A BD has been created using the bridge-domain command.

Follow-up Procedure

Run the ip address command to configure an IP address for a BDIF interface.

Example

# Create BDIF10.



[*HUAWEI-bd10] quit

[*HUAWEI] interface vbdif 10

1.14 mac-address (BDIF interface view)

Function

The mac-address command configures a MAC address for a BDIF interface.

The undo mac-address command restores the default MAC address of a BDIF interface.

By default, the MAC address of a BDIF interface is the system MAC address.

Format

mac-address mac-address

undo mac-address

Parameters






25

mac-address Specifies a

MAC

address for a

BDIF

interface.

The value is in the

format of H-H-H.

Each H is a 4-digit

hexadecimal

number, such as

00e0 or fc01. If an H

contains less than

four digits, 0s are

added ahead. For

example, e0 is equal

to 00e0. A MAC

address cannot be

all 0s or 1s or a

multicast MAC

address.

Views

BDIF interface view

Default Level


Usage Guidelines

Usage Scenario

Figure 1 Default MAC address of BDIF interface





26

By default, BDIF interfaces of VXLAN Layer 3 gateways use the same MAC address, that

is the system MAC address, as shown in Figure 1.

On a network with distributed or centralized multi-active VXLAN gateways that need to be

simulated into one, you need to run the mac-address command to configure the same

MAC address for the BDIF interfaces of VXLAN Layer 3 gateways. In this way, terminals

connect to the same gateway, ensuring normal traffic forwarding and VM migration.

Configuration Impact

After you configure a MAC address for a BDIF interface, the device will actively send

gratuitous ARP packets to update the mapping between MAC addresses and interfaces of

other devices.


Currently, the SNC controller cannot deliver MAC addresses of all-active VXLAN

gateways.

Example

# Configure the MAC address 0000-5e00-0101 for BDIF10.



[*HUAWEI-bd10] quit

[*HUAWEI] interface vbdif 10

[*HUAWEI-Vbdif10] mac-address 0000-5e00-0101

1.15 reset bridge-domain statistics

Function

The reset bridge-domain statistics command clears traffic statistics of a BD.

Format

reset bridge-domain bd-id statistics

Parameters


bd-id Clears traffic

statistics of a

specified bridge

domain ID.

The value is an

integer ranging

from 1 to

32768.

Views





27

User view

Default Level


Usage Guidelines

Usage Scenario

Before you collect traffic statistics within a specified period for a BD, run the reset

bridge-domain statistics command to clear existing statistics so that traffic statistics can

be collected again, ensuring that the statistics are correct.

Prerequisites

A BD has been created using the bridge-domain bd-id command in the system view.

Precautions

Traffic statistics of a BD are cleared and cannot be restored. Exercise caution when

running the reset bridge-domain statistics command.

Example

# Clear traffic statistics of BD 10.

<HUAWEI> reset bridge-domain 10 statistics

1.16 reset mac-address bridge-domain

Function

The reset mac-address bridge-domain command deletes dynamically learned MAC

address entries in a bridge domain (BD).

Format

reset mac-address bridge-domain bd-id

Parameters


bd-id Deletes MAC

address entries with a

specified bridge

domain ID.

The value is

an integer

ranging from 1

to 32768.

Views

User view

Default Level





28


Usage Guidelines

Usage Scenario

To delete dynamically learned MAC address entries (entries to be deserted, for example)

in a BD, run the reset mac-address bridge-domain command.

Prerequisites

A BD has been created using the bridge-domain bd-id command in the system view.

Precautions

After the reset mac-address bridge-domain command is run, the dynamically learned

MAC address entries are deleted and cannot be restored. Exercise caution when running

the command.

Currently, you can only delete VXLAN MAC address entries by the BD.

Example

# Delete MAC address entries in a specified BD 10.

<HUAWEI> reset mac-address bridge-domain 10

1.17 source (NVE interface view)

Function

The source command configures an IP address for a source VXLAN tunnel endpoint

(VTEP).

The undo source command deletes the IP address of a source VTEP.

By default, no IP address is configured for any source VTEP.

Format

source ip-address

undo source [ ip-address ]

Parameters


ip-address Specifies an IP

address for a

source VTEP.

The value is in

dotted decimal

notation.

Views

NVE interface view





29

Default Level


Usage Guidelines

Usage Scenario

A VTEP is a VXLAN tunnel endpoint that encapsulates or decapsulates VXLAN packets. It

is represented by a network virtualization edge (NVE).

To configure an IP address for a source VTEP, run the source command. In VXLAN

packets, the source IP address is the source VTEP's IP address, and the destination IP

address is a remote VTEP's IP address. This pair of VTEP addresses corresponds to a

VXLAN tunnel.

Precautions

Either a physical interface's IP address or loopback interface address can be specified for

a source VTEP. Using the loopback interface address as the source VTEP's IP address is

recommended.

Example

# Configure the IP address 1.1.1.1 for a source VTEP.



[*HUAWEI-Nve1] source 1.1.1.1

1.18 statistics enable (BD view)

Function

The statistics enable command enables traffic statistics collection for a bridge domain

(BD).

The undo statistics enable command disables traffic statistics collection in a BD.

By default, traffic statistics collection is disabled in BDs.

Format

statistics enable

undo statistics enable

Parameters

None

Views

BD view

Default Level






30

Usage Guidelines

Usage Scenario

By default, traffic statistics collection is disabled in BDs. Before you run the display

bridge-domain statistics command to view traffic statistics for fault locating, run the

statistics enable command in the BD view to enable traffic statistics collection. If traffic

statistics collection is not enabled for a BD, you cannot obtain the traffic statistics in the

BD.

Precautions

After traffic statistics collection is enabled for a BD, the device counts every packet received in the BD. If a large number of packets pass through the BD, the device counts all these packets and subsequently stores large amounts of statistics, causing device operation performance to deteriorate.

If traffic statistics collection is not needed in a BD, run the undo statistics enable command to disable the function.

Traffic statistics in the outbound direction do not contain packets forwarded at Layer 3.

Follow-up Procedure

Run the display bridge-domain statistics command to view traffic statistics in the BD.

The command output helps locate faults.

Example

# Enable traffic statistics collection for BD 10.



[*HUAWEI-bd10] statistics enable

1.19 vni head-end peer-list

Function

The vni head-end peer-list command configures an ingress replication list for a VXLAN

network identifier (VNI).

The undo vni head-end peer-list command deletes the ingress replication list of a VNI.

By default, no ingress replication list is configured for any VNI.

Format

vni vni-id head-end peer-list ip-address &<1-10>

vni vni-id

undo vni vni-id [ head-end peer-list ip-address &<1-10> ]

Parameters






31

vni-id Specifies a VNI ID. The value is an

integer ranging

from 4096 to

16000000.

ip-address Specifies the IP

address of a remote

VXLAN tunnel

endpoints (VTEP).

The value is in

dotted decimal

notation.

Views

NVE interface view

Default Level




nvo3 write

Usage Guidelines

Usage Scenario

If a source VTEP on a VXLAN connects to multiple remote VTEPs on the same VXLAN

segment, run the vni head-end peer-list command to configure an ingress replication list

that contains the IP addresses of those remote VTEPs. After the source NVE receives

broadcast, unknown unicast, and multicast (BUM) packets, the local VTEP sends a copy

of the BUM packets to every VTEP in the list.


Ingress replication allows BUM packets to be transmitted in broadcast mode, independent

of multicast routing protocols.

Precautions

Even if a source VTEP connects only to one remote VTEP, you still need to run the vni

head-end peer-list command to configure an ingress replication list with the remote

VTEP's IP address specified.

Example

# Configure an ingress replication list for VNI5010, with the remote VTEPs' IP addresses

being 2.2.2.2 and 3.3.3.3.



[*HUAWEI-Nve1] vni 5010 head-end peer-list 2.2.2.2 3.3.3.3





32

1.20 vxlan vni

Function

The vxlan vni command creates a VXLAN network identifier (VNI) and maps a VNI to a

bridge domain (BD) in 1:1 mode.

The undo vxlan vni command deletes the mapping between a VNI and a BD.

By default, no VNI is created.

Format

vxlan vni vni-id

undo vxlan vni vni-id

Parameters


vni-id Specifies a

VNI ID.

The value is an integer

ranging from 4096 to

16000000.

Views

BD view

Default Level




nvo3 write

Usage Guidelines

A virtual network (VN) on a VXLAN is a virtual broadcast domain. To allow a BD to function

as a VXLAN network entity to transmit VXLAN traffic, run the vxlan vni command to map

a VNI to a BD in 1:1 mode.

Example

# Map VNI5000 to BD10.



[*HUAWEI-bd10] vxlan vni 5000


Configuration Guide - VxLAN 2 VxLAN Configuration



33

2 VxLAN Configuration

2.1 VXLAN Overview

This section describes the definition, purpose, and benefits of the Virtual eXtensible Local

Area Network (VXLAN).

Definition

VXLAN is a Network Virtualization over Layer 3 (NVO) technology that uses MAC in User

Datagram Protocol (MAC-in-UDP) to encapsulate packets.

Purpose

Server virtualization is a critical cloud computing technology, and has been widely

deployed because it significantly reduces IT and operation and maintenance (O&M) costs

and facilitates more flexible service deployment.

Figure 1 Server virtualization networking





34

On the network shown in Figure 1, one server is virtualized into multiple virtual machines (VMs), each of

which acts as a host. However, the exponential increase in the number of hosts leads to the following

problems on a virtual network:

Network isolation capabilities are limited.

Most networks use VLANs or virtual private networks (VPNs) for network isolation. However, these two

network isolation technologies have the following limitations on large-scale virtualized networks:

The VLAN tag field, as defined in IEEE 802.1Q, has only 12 bits, and can only identify a maximum of 4096 VLANs, making it insufficient for identifying users on large Layer 2 networks.

VLANs or VPNs cannot support dynamic network adjustment on traditional Layer 2 networks.

VM migration scope is limited by the network architecture.

After VMs are started, they may need to be migrated from one server to another due to server resource

problems (for example, CPU overload or insufficient memory). To ensure uninterrupted services during

VM migration, the IP and MAC addresses of VMs must remain unchanged. To meet this requirement,

the service network must be a Layer 2 network that provides multipath redundancy and reliability.





35

VXLAN addresses the above problems on large Layer 2 networks as follows:

Limited network isolation capabilities

VXLAN uses a VXLAN network identifier (VNI) field similar to the VLAN ID field defined in IEEE 802.1Q.

The VNI field has 24 bits and can identify a maximum of 16M VXLAN segments theoretically.

VM migration scope limitations imposed by network architecture

When VXLAN is used to construct a large Layer 2 network, VM IP and MAC addresses can remain

unchanged after VM migration.

Benefits

When server virtualization is widely deployed in data centers based on physical network infrastructure,

VXLAN offers the following benefits:

Supports a maximum of 16M VXLAN segments with 24-bit VNIs, so a data center can accommodate a large number of tenants.

Extends Layer 2 networks using MAC-in-UDP encapsulation and decouples physical and virtual networks. Tenants can plan their own virtual networks, without being limited by the physical network IP addresses or broadcast domains. This greatly simplifies network management.

2.2 Configuring VXLAN (in Single-Node Mode)

This section describes how to configure VXLAN directly on the device.

2.2.1 Configuring Communication Within a Network Segment Through a VXLAN Tunnel

A VXLAN Layer 2 gateway can implement communication between users on the same network segment

through a VXLAN tunnel and connect tenants to the VXLAN virtualized network.

Usage Scenario

An enterprise allocates physical servers and VMs on the same network segment to a tenant. When the

VMs need to communicate with one another or the physical servers, you need to configure VXLAN

Layer 2 gateways to establish VXLAN tunnels.

As shown in Figure 1:

When VM1 on Server2 needs to communicate with VM1 on Server1, configure VXLAN Layer 2 gateways on Device1 and Device2 to establish VXLAN tunnels between them.

When VM1 on Server2 needs to communicate with Server3 or Server4, configure VXLAN Layer 2 gateways on Device2, Device3, and Device4 to establish VXLAN tunnels between Device2 and Device3 or between Device2 and Device4.

http://localhost:7890/pages/31188554/03/31188554/03/resources/dc/dc_cfg_vxlan_1023.html?ft=0&fe=10&hib=6.1.11.3.8.1&id=dc_cfg_vxlan_1023#dc_cfg_vxlan_1023__fig_dc_cfg_vxlan_102304





36

Figure 1 Configuring communication within a network segment through a VXLAN tunnel

Encapsulation and decapsulation of VXLAN packets are implemented on the devices supporting NVE.

Therefore, you need to perform this task on all the NVE-enabled devices, including Device1, Device2,

Device3, and Device4.

Pre-configuration Tasks

Before configuring communication within a network segment through a VXLAN tunnel, complete the

following tasks:

Implementing Layer 3 route reachability

2.2.1.1 Configuring Service Access Points to Differentiate Service Traffic

Context

On the VXLAN network, you need to configure VXLAN service access points on a VXLAN network edge

node. Currently, the device supports two methods for configuring VXLAN service access points: through

Layer 2 sub-interfaces and through binding between VLAN and bridge domain (BD).

Procedure

1. Create a VXLAN BD.

a. Run:

system-view

The system view is displayed.

b. Run:

bridge-domain bd-id

A BD is created, and the BD view is displayed.


c. (Optional) Run:

description description

The description of the BD is configured.





37

By default, no bridge domain description is configured.

A VXLAN network may have multiple BDs. To facilitate forwarder memorization and

management, run the description command to configure description for the BDs, for example,

the service type.

d. Run:

quit

Return to the system view.

2. Configure VXLAN service access points. (Use either of the following methods as required.)

Configuring VXLAN service access points through binding between VLAN and BD

a. Run:

bridge-domain bd-id

The BD view is displayed.

b. Run:

l2 binding vlan vlan-id

A VLAN is bound to a BD.

By default, a VLAN is not bound to a BD.

Before running this command, ensure that a VLAN has been created. After a VLAN is

bound to a BD, interfaces added to the VLAN become VXLAN service access points

automatically.

Configuring VXLAN service access points through Layer 2 sub-interfaces

a. Run:

interface interface-type interface-number.subnum mode l2

The specified Layer 2 Ethernet sub-interface view is displayed.

By default, no Layer 2 sub-interface is created.

The subnum parameter specifies the number of the Ethernet sub-interface

Before running this command, ensure that the port link-type dot1q-tunnel command is

not configured for the corresponding Layer 2 main interface.

b. Run:

encapsulation { dot1q vid vid | default | untag }

The flow encryption type is configured to send different data packets to different interfaces.

By default, no flow encryption type is configured.

c. Run:

bridge-domain bd-id

A Layer 2 sub-interface is added to a BD.

By default, the Layer 2 sub-interface is not added to a BD.

3. Run:





38

commit

The configuration is committed.

Example

<HUAWEI> display bridge-domain 10

--------------------------------------------------------------------------------

MAC_LRN: MAC learning; STAT: Statistics; SPLIT: Split-horizon;

BC: Broadcast; MC: Unknown multicast; UC: Unknown unicast;


U: Up; D: Down;

--------------------------------------------------------------------------------

BDID Ports

--------------------------------------------------------------------------------

10 GE 1/0/1.1(D)


--------------------------------------------------------------------------------

10 down enable disable FWD FWD FWD disable vm1

2.2.1.2 Configuring a VXLAN Tunnel to Forward Service Traffic

Context

VXLAN is a tunnel encapsulation technology for large Layer 2 virtual networks. It uses MAC-in-UDP

encapsulation to extend Layer 2 networks.

VXLAN allows a virtual network to provide access services to a large number of tenants. In addition,

tenants are able to plan their own virtual networks, not limited by the physical network IP addresses or

broadcast domains. This greatly simplifies network management.

Procedure

1. Run:

system-view


2. Run:

bridge-domain bd-id

A BD is created, and the BD view is displayed.






39

The value of bd-id in this step must be the same as the bd-id created in step 2 of Configuring Service

Access Points to Differentiate Service Traffic.

3. Run:

vxlan vni vni-id

A VNI is created and mapped to the BD.

By default, no VNI is created.

4. Run:

quit

Return to the system view.

5. Run:

interface nve nve-number

An NVE interface is created, and the NVE interface view is displayed.

By default, no NVE interfaces are created.

6. Run:

source ip-address

An IP address is configured for the source VTEP.

By default, no IP address is configured for any source VTEP. The IP address of a loopback interface is

recommended.

7. Run:

vni vni-id head-end peer-list ip-address &<1-10>

An ingress replication list for a VNI is configured.

By default, no ingress replication list is configured for any VNI.

8. Run:

commit


2.2.1.3 Checking the Configurations

Context

After configurations for the VXLAN are complete, run the commands to check the configurations.

Procedure

Run the display vxlan tunnel [ tunnel-id ] [ verbose ] command to check VXLAN tunnel information.

Run the display vxlan vni [ vni-id [ verbose ] ] command to check VXLAN configurations.

<HUAWEI> display vxlan tunnel

http://localhost:7890/pages/31188554/03/31188554/03/resources/dc/dc_cfg_vxlan_1025.html

http://localhost:7890/pages/31188554/03/31188554/03/resources/dc/dc_cfg_vxlan_1025.html





40



--------------------------------------------------------------

4026531841 1.1.1.1 2.2.2.2 up static

<HUAWEI> display vxlan vni

Number of vxlan vni : 1

VNI BD-ID State

---------------------------------------

5010 10 up

2.3 Maintaining VXLAN

This section describes how to clear VXLAN related statistics and monitor the VXLAN operating status.

2.3.1 Clearing VXLAN Packet Statistics

Context

Before you collect VXLAN packet statistics within a certain period, clear the existing statistics on the

device to ensure statistics accuracy.

Procedure

Run the reset bridge-domain bd-id statistics command in the user view to clear packets of a specified BD statistics.

2.3.2 Monitoring the VXLAN Operating Status

Context

During the routine maintenance, you can run the following commands in any view to learn the VXLAN

operating status.

Procedure

Run the display bridge-domain [ bd-id [ brief | verbose ] ] command to view the BD configuration.

Run the display mac-address [ mac-address ] bridge-domain bd-id command to view all MAC address entries in a BD.

Run the reset mac-address bridge-domain bd-id command in the user view to delete dynamically

learned MAC address entries in a BD. After dynamic MAC address entries are deleted, services will be

interrupted temporarily, and historical entries cannot be restored. Exercise caution when you run this

command.

Run the display mac-address static bridge-domain bd-id command to view static MAC address entries in a BD.





41

Run the display mac-address total-number [ static ] bridge-domain bd-id command to view the number of MAC address entries in a BD.

2.3.3 Configuring the VXLAN Alarm Report Function

Context

You can configure the alarm report function, which help you obtain real-time running status of the VXLAN

network and facilitate operation and maintenance.

Procedure

1. Run:

system-view


2. Run:

snmp-agent trap enable feature-name nvo3 [ trap-name { hwnvo3vxlantnldown |

hwnvo3vxlantnlup } ]

Alarm report for the VXLAN is enabled.

By default, alarm report for the VXLAN is disabled.

3. Run:

commit


Checking the Configuration

After completing the alarm report for VXLAN, you can run the following command to check whether

alarm report is enabled.

Run the display snmp-agent trap feature-name nvo3 all command to check all trap functions of the VXLAN module.

2.4 Configuration Example

This section provides several configuration examples of VXLAN. In each configuration example, the

networking requirements, configuration roadmap, configuration procedures, and configuration files are

provided.

2.4.1 Example for Configuring Users on the Same Network Segment to Communicate Through a VXLAN Tunnel(In Single-Node Mode)

Networking Requirements

On the network shown in Figure 1, an enterprise has VMs deployed in different data centers. VM1 on

Server1 belongs to VLAN10, and VM1 on Server2 belongs to VLAN20. VM1 on Server1 and VM1 on





42

Server2 reside on the same network segment. To allow VM1s in different data centers to communicate

with each other, configure a VXLAN tunnel between Device1 and Device3.

Figure 1 Configuring users on the same network segment to communicate through a

VXLAN tunnel

Configuration Roadmap

The configuration roadmap is as follows:

1. Configure a routing protocol on Device1, Device2, and Device3 to allow them to communicate at Layer 3.

2. Configure a service access point on Device1 and Device3 to differentiate service traffic.

3. Configure a VXLAN tunnel on Device1 and Device3 to forward service traffic.

Data Preparation

To complete the configuration, you need the following data:

VMs' VLAN IDs (10 and 20)

Interface IP addresses for device interconnection

Routing protocol: Open Shortest Path First (OSPF)

BD ID (10)





43

VNI ID (5010)

Procedure

1. Configure a routing protocol.

Assign an IP address to each interface on Device1, Device2, and Device3 according to Figure 1. When

OSPF is used, the devices advertise the 32-bit loopback IP addresses.

# Configure Device1. The configuration on Device2 and Device 3 are similar to the configuration on

Device1 and are not mentioned here.


[~HUAWEI] sysname Device1

[*HUAWEI] commit

[~Device1] interface loopback 1

[*Device1-LoopBack1] ip address 10.2.2.2 32

[*Device1-LoopBack1] quit

[*Device1] interface GigabitEthernet 1/0/1

[*Device1-GigabitEthernet1/0/1] undo portswitch

[*Device1-GigabitEthernet1/0/1] ip address 192.168.1.1 24

[*Device1-GigabitEthernet1/0/1] quit

[*Device1] ospf

[*Device1-ospf-1] area 0

[*Device1-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0

[*Device1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255

[*Device1-ospf-1-area-0.0.0.0] quit

[*Device1-ospf-1] quit

[*Device1] commit

After OSPF is configured, the devices can use OSPF to learn the IP addresses of loopback interfaces

of each other and successfully ping each other. The following example shows the command output on

Device1 after it pings Device3:

[~Device1] ping 10.4.4.4

PING 10.4.4.4: 56 data bytes, press CTRL_C to break

Reply from 10.4.4.4: bytes=56 Sequence=1 ttl=254 time=5 ms









44

--- 10.4.4.4 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 2/3/5 ms

2. Configure the tunnel mode and enable the NVO3 ACL extension function.

# Configure Device1. The configuration on Device3 is similar to the configuration on Device1 and is not

mentioned here.

[~Device1] ip tunnel mode vxlan

[*Device1] assign forward nvo3 acl extend enable

[*Device1] commit

3. Configure a service access point on Device1 and Device3.


mentioned here.

[~Device1] vlan 10

[*Device1-vlan10] quit

[*Device1] bridge-domain 10

[*Device1-bd10] l2 binding vlan 10

[*Device1-bd10] quit

[*Device1] interface GigabitEthernet 1/0/2

[*Device1-GigabitEthernet1/0/2] port link-type trunk

[*Device1-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1

[*Device1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10

[*Device1-GigabitEthernet1/0/2] quit

[*Device1] commit

4. Configure a VXLAN tunnel on Device1 and Device3.


mentioned here.

[~Device1] bridge-domain 10

[~Device1-bd10] vxlan vni 5010

[*Device1-bd10] quit

[*Device1] interface nve 1

[*Device1-Nve1] source 10.2.2.2

[*Device1-Nve1] vni 5010 head-end peer-list 10.4.4.4

[*Device1-Nve1] quit





45

[*Device1] commit

5. Verify the configuration.

After completing the configurations, run the display vxlan vni and display vxlan tunnel commands on

Device1 and Device3 to check the VNI status and VXLAN tunnel information, respectively. The VNIs

are up on Device1 and Device3. The following example shows the command output on Device1.

[~Device1] display vxlan vni

Number of vxlan vni : 1

VNI BD-ID State

---------------------------------------

5010 10 up

[~Device1] display vxlan tunnel



--------------------------------------------------------------

4026531841 10.2.2.2 10.4.4.4 up static

By now, users on the same network can communicate through the VXLAN tunnel.

Configuration Files

Configuration file of Device1

#

sysname Device1

#

bridge-domain 10

vxlan vni 5010

#

aaa

local-user user@domain password irreversible-cipher

$1a$VSrx#20q.7$U6bK2gqMW+a*vX@c$-$59i|Z*/,T$9*q2j!~PY'/$

local-user user@domain service-type ssh

local-user user@domain user-group manage-ug

#

interface GigabitEthernet1/0/1

undo portswitch

undo shutdown

ip address 192.168.1.1 255.255.255.0

#





46


undo portswitch

undo shutdown

ip address 10.1.1.2 255.255.255.0

#

interface GigabitEthernet1/0/2.1

encapsulation dot1q vid 10

bridge-domain 10

#


undo shutdown

ip address 10.1.1.2 255.255.255.0

#

interface LoopBack1

ip address 2.2.2.2 255.255.255.255

#

interface Nve1

source 2.2.2.2

vni 5010 head-end peer-list 3.3.3.3

#

ospf 1

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 10.1.1.0 0.0.0.255

network 192.168.1.0 0.0.0.255

#

snetconf server enable

ssh user user@domain

ssh user user@domain authentication-type password

ssh user user@domain service-type snetconf

#

user-interface vty 0 4

authentication-mode aaa





47

protocol inbound ssh

#

return


#

sysname Device2

#


undo shutdown

ip address 192.168.1.2 255.255.255.0

#


undo shutdown

ip address 192.168.2.1 255.255.255.0

#


undo shutdown

ip address 10.2.1.2 255.255.255.0

#

interface LoopBack1

ip address 3.3.3.3 255.255.255.255

#

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 10.1.1.0 0.0.0.255

network 10.2.1.0 0.0.0.255

network 192.168.1.0 0.0.0.255

network 192.168.2.0 0.0.0.255

#

return


#





48

sysname Device3

#

bridge-domain 10

vxlan vni 5010

#

aaa

local-user user@domain password irreversible-cipher

$1a$VSrx#20q.7$U6bK2gqMW+a*vX@c$-$59i|Z*/,T$9*q2j!~PY'/$

local-user user@domain service-type ssh

local-user user@domain user-group manage-ug

#


undo portswitch

undo shutdown

ip address 192.168.2.2 255.255.255.0

#


undo portswitch

undo shutdown

ip address 10.2.1.2 255.255.255.0

#

interface GigabitEthernet1/0/2.1

encapsulation dot1q vid 20

bridge-domain 10

#


undo shutdown

ip address 10.3.1.2 255.255.255.0

#

interface LoopBack1

ip address 4.4.4.4 255.255.255.255

#

interface Nve1

source 4.4.4.4





49

vni 5010 head-end peer-list 3.3.3.3

#

ospf 1

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 10.3.1.0 0.0.0.255

network 192.168.2.0 0.0.0.255

#

snetconf server enable

ssh user user@domain

ssh user user@domain authentication-type password

ssh user user@domain service-type snetconf

#

user-interface vty 0 4

authentication-mode aaa

protocol inbound ssh

#

return

huawei netengine router v800r008c10 feature … ne...huawei netengine router v800r008c10 feature...

Documents