HPE FlexFabric 7900 Series Vxlan Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Network Router
  5. FlexFabric 7900 Series
  6. Vxlan configuration manual

HPE FlexFabric 7900 Series Vxlan Configuration Manual

Hide thumbs Also See for FlexFabric 7900 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Installation Manual
HPE FlexFabric 7900 Switch Series
VXLAN

Configuration Guide

Part number: 5998-8254R
Software version: Release 213x
Document version: 6W101-20151113

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexFabric 7900 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for HPE FlexFabric 7900 Series

Summary of Contents for HPE FlexFabric 7900 Series

  • Page 1: Configuration Guide

    HPE FlexFabric 7900 Switch Series VXLAN Configuration Guide Part number: 5998-8254R Software version: Release 213x Document version: 6W101-20151113...
  • Page 2 © Copyright 2015 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents VXLAN overview ····························································································· 1     VXLAN network model ······································································································································· 1   VXLAN packet format ········································································································································ 2   Working mechanisms ········································································································································· 3   Assignment of traffic to VXLANs ················································································································ 3   MAC learning ············································································································································· 3   Traffic forwarding ······································································································································· 4  ...
  • Page 4   Protocols and standards ·································································································································· 47   OVSDB VTEP configuration task list ··············································································································· 47   Configuration prerequisites ······························································································································ 48   Setting up an OVSDB connection to a controller ····························································································· 48   Configuration restrictions and guidelines ································································································· 48   Configuring active SSL connection settings ····························································································· 48  ...

  • Page 5: Vxlan Overview

    VXLAN overview Virtual eXtensible LAN (VXLAN) is a MAC-in-UDP technology that provides Layer 2 connectivity between distant network sites across an IP network. VXLAN is typically used in data centers for multitenant services. VXLAN provides the following benefits: • Support for more virtual switched domains than VLANs—Each VXLAN is uniquely identified by a 24-bit VXLAN ID.

  • Page 6: Vxlan Packet Format

    Figure 1 VXLAN network model VXLAN packet format As shown in Figure 2, a VTEP encapsulates a frame in the following headers: • 8-byte VXLAN header—VXLAN information for the frame. Flags—If the I bit is 1, the VXLAN ID is valid. If the I bit is 0, the VXLAN ID is invalid. All other bits are reserved and set to 0.

  • Page 7: Working Mechanisms

    Working mechanisms The VTEP uses the following process to forward an inter-site frame: Assigns the frame to its matching VXLAN if the frame is sent between sites. Performs MAC learning on the VXLAN's VSI. Forwards the frame. This section describes this process in detail. For intra-site frames in a VSI, the system performs typical Layer 2 forwarding and processes 802.1Q VLAN tags, as described in "Access modes of VSIs."...

  • Page 8: Traffic Forwarding

    • Remote MAC—MAC entries learned from a remote site, including static, dynamic, and OpenFlow MAC entries. The outgoing interfaces for the MAC addresses are VXLAN tunnel interfaces. Static—Manually added MAC entries. Dynamic—MAC entries learned in the data plane from incoming traffic on VXLAN tunnels. The learned MAC addresses are contained in the inner Ethernet header.
  • Page 9 Figure 4 Inter-site unicast MAC Table on VTEP 1 VM 1 VXLAN/VSI Interface VM 2 VXLAN 10/VSI A MAC 1 FGE1/0/1, VLAN 2 VM 3 VXLAN 10/VSI A MAC 7 Tunnel 1 Server 1 VM 7 FGE1/0/1 VXLAN tunnel 1 VM 8 FGE1/0/1 FGE1/0/2...
  • Page 10 Figure 5 Unicast mode VM 1 VM 2 VM 3 Transport network Replicate and Server 1 encapsulate VM 7 FGE1/0/1 VXLAN tunnel VM 8 FGE1/0/1 FGE1/0/2 VTEP 1 VTEP 2 VM 9 VM 4 Server 3 VM 5 VTEP 3 VM 6 Server 2 VM 10...

  • Page 11: Access Modes Of Vsis

    Figure 7 Flood proxy mode Replicate and forward packet Source: Flood proxy server VM 1 Destination: Each remote VTEP Flood proxy VM 2 server Encapsulate VM 3 with flood proxy server address Server 1 VM 7 FGE1/0/1 Transport VM 8 network FGE1/0/1 FGE1/0/2...

  • Page 12: Protocols And Standards

    As shown in Figure 8, this feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.

  • Page 13: Configuring Basic Vxlan Features

    Configuring basic VXLAN features VXLAN configuration task list Tasks at a glance Remarks (Required.) Setting the forwarding mode for VXLANs (Required.) Creating a VXLAN on a VSI (Required.) Configuring a VXLAN tunnel To extend a VXLAN to remote sites, (Required.) Assigning a VXLAN tunnel to a VXLAN you must assign VXLAN tunnels to the VXLAN.

  • Page 14: Setting The Forwarding Mode For Vxlans

    • Reserve one global-type VLAN interface resource for the VSI interface of each VXLAN before the VXLAN is created if you enable Layer 3 forwarding for VXLANs. For more information about reserving global-type VLAN interface resources, see VLAN configuration in Layer 2—LAN Switching Configuration Guide.

  • Page 15: Assigning A Vxlan Tunnel To A Vxlan

    Step Command Remarks By default, no global source address is specified for VXLAN tunnels. Specify a global source A VXLAN tunnel uses the global tunnel global source-address address for VXLAN source address if you do not specify ip-address tunnels. a source interface or source address for the tunnel.

  • Page 16: Mapping An Ethernet Service Instance To A Vsi

    Step Command Remarks contains the VXLAN tunnel between each pair of sites in the VXLAN. The flooding-proxy keyword is available in Release 2137 and later versions. Mapping an Ethernet service instance to a VSI An Ethernet service instance matches a list of VLANs on a site-facing interface. The VTEP assigns customer traffic from the VLANs to a VXLAN by mapping the Ethernet service instance to a VSI.

  • Page 17: Managing Mac Address Entries

    Step Command Remarks • Match any frames: encapsulation default • Match any 802.1Q tagged or untagged frames: encapsulation { tagged | untagged } By default, an Ethernet service • Match frames tagged with the instance does not contain frame Configure a frame match specified outer 802.1Q VLAN match criteria.

  • Page 18: Enabling Remote-Mac Address Learning

    Step Command Remarks By default, VXLAN VSIs do not have static remote-MAC address entries. mac-address static mac-address Add a static remote interface tunnel tunnel-number vsi For the setting to take effect, make entry. vsi-name sure the VSI's VXLAN has been created and specified on the VXLAN tunnel.

  • Page 19: Configuring The Destination Udp Port Number Of Vxlan Packets

    Configuring the destination UDP port number of VXLAN packets Step Command Remarks Enter system view. system-view By default, the destination UDP port number is 4789 for VXLAN packets. Configure a destination UDP vxlan udp-port port-number port for VXLAN packets. You must configure the same destination UDP port number on all VTEPs in a VXLAN.

  • Page 20: Disabling Remote Arp Learning For Vxlans

    blackhole that occurs when a MAC address entry ages out before its ARP flood suppression entry ages out. To set the MAC aging timer, use the mac-address timer command. To enable ARP flood suppression: Step Command Remarks Enter system view. system-view Enter VSI view.

  • Page 21: Enabling Packet Statistics For An Ethernet Service Instance

    Step Command Remarks Enable the packet statistics By default, the packet statistics statistics enable feature for the VSI. feature is disabled for all VSIs. (Optional.) Display packet display l2vpn vsi [ name This command is available in any statistics for VSIs. vsi-name ] [ verbose ] view.

  • Page 22: Displaying And Maintaining Vxlans

    Step Command Remarks command to take effect, you must configure a frame match criterion for the Ethernet service instance and map it to a VSI. If you modify the frame match criterion or VSI mapping, packet statistics of the instance is cleared. display l2vpn service-instance (Optional.) Display packet [ interface interface-type...

  • Page 23: Vxlan Configuration Examples

    VXLAN configuration examples Unicast-mode VXLAN configuration example Network requirements As shown in Figure • Configure VXLAN 10 as a unicast-mode VXLAN on Switch A, Switch B, and Switch C to provide Layer 2 connectivity for the VMs across the network sites. •...
  • Page 24 # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1. [SwitchA] interface tunnel 1 mode vxlan [SwitchA-Tunnel1] source 1.1.1.1 [SwitchA-Tunnel1] destination 2.2.2.2 [SwitchA-Tunnel1] quit # Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 2. [SwitchA] interface tunnel 2 mode vxlan [SwitchA-Tunnel2] source 1.1.1.1 [SwitchA-Tunnel2] destination 3.3.3.3...
  • Page 25 [SwitchB-Tunnel2] source 2.2.2.2 [SwitchB-Tunnel2] destination 1.1.1.1 [SwitchB-Tunnel2] quit # Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 3. [SwitchB] interface tunnel 3 mode vxlan [SwitchB-Tunnel3] source 2.2.2.2 [SwitchB-Tunnel3] destination 3.3.3.3 [SwitchB-Tunnel3] quit # Assign Tunnel 2 and Tunnel 3 to VXLAN 10. [SwitchB] vsi vpna [SwitchB-vsi-vpna] vxlan 10 [SwitchB-vsi-vpna-vxlan10] tunnel 2...
  • Page 26 [SwitchC-Tunnel1] quit # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3. [SwitchC] interface tunnel 3 mode vxlan [SwitchC-Tunnel3] source 3.3.3.3 [SwitchC-Tunnel3] destination 2.2.2.2 [SwitchC-Tunnel3] quit # Assign Tunnel 1 and Tunnel 3 to VXLAN 10. [SwitchC] vsi vpna [SwitchC-vsi-vpna] vxlan 10 [SwitchC-vsi-vpna-vxlan10] tunnel 1...

  • Page 27: Multicast-Mode Vxlan Configuration Example

    : 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain: - MAC Learning : Enabled MAC Table Limit Drop Unknown Flooding : Enabled VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flooding proxy Tunnel1 0x5000001 Manual Disabled Tunnel2 0x5000002 Manual...
  • Page 28 Figure 10 Network diagram Table 1 IP address assignment Device Interface IP address Device Interface IP address Switch Switch VLAN-interface 11 11.1.1.1/24 VLAN-interface 13 13.1.1.3/24 Switch Switch E: VLAN-interface 11 11.1.1.4/24 VLAN-interface 13 13.1.1.5/24 VLAN-interface 21 21.1.1.4/24 VLAN-interface 23 23.1.1.5/24 Switch Switch F: VLAN-interface 21...
  • Page 29 [SwitchA] l2vpn enable # Enable Layer 2 forwarding for VXLANs. [SwitchA] undo vxlan ip-forwarding # Enable IP multicast routing. [SwitchA] multicast routing [SwitchA-mrib] quit # Create the VSI vpna and VXLAN 10. [SwitchA] vsi vpna [SwitchA-vsi-vpna] vxlan 10 [SwitchA-vsi-vpna-vxlan10] quit [SwitchA-vsi-vpna] quit # Assign an IP address to VLAN-interface 11, and enable the IGMP host feature on the interface.
  • Page 30 [SwitchA-FortyGigE1/0/1] quit Configure Switch B: # Enable L2VPN. <SwitchB> system-view [SwitchB] l2vpn enable # Enable Layer 2 forwarding for VXLANs. [SwitchB] undo vxlan ip-forwarding # Enable IP multicast routing. [SwitchB] multicast routing [SwitchB-mrib] quit # Create the VSI vpna and VXLAN 10. [SwitchB] vsi vpna [SwitchB-vsi-vpna] vxlan 10 [SwitchB-vsi-vpna-vxlan10] quit...
  • Page 31 [SwitchB-FortyGigE1/0/1-srv1000] encapsulation s-vid 2 # Map Ethernet service instance 1000 to the VSI vpna. [SwitchB-FortyGigE1/0/1-srv1000] xconnect vsi vpna [SwitchB-FortyGigE1/0/1-srv1000] quit [SwitchB-FortyGigE1/0/1] quit Configure Switch C: # Enable L2VPN. <SwitchC> system-view [SwitchC] l2vpn enable # Enable Layer 2 forwarding for VXLANs. [SwitchC] undo vxlan ip-forwarding # Enable IP multicast routing.
  • Page 32 [SwitchC–vlan2] quit # On FortyGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2. [SwitchC] interface fortygige 1/0/1 [SwitchC-FortyGigE1/0/1] service-instance 1000 [SwitchC-FortyGigE1/0/1-srv1000] encapsulation s-vid 2 # Map Ethernet service instance 1000 to the VSI vpna. [SwitchC-FortyGigE1/0/1-srv1000] xconnect vsi vpna [SwitchC-FortyGigE1/0/1-srv1000] quit [SwitchC-FortyGigE1/0/1] quit Configure Switch D:...
  • Page 33 [SwitchF-Vlan-interface22] pim sm [SwitchF-Vlan-interface22] quit [SwitchF] interface vlan-interface 23 [SwitchF-Vlan-interface23] pim sm [SwitchF-Vlan-interface23] quit Configure Switch G: # Enable IP multicast routing. <SwitchG> system-view [SwitchG] multicast routing [SwitchG-mrib] quit # Enable IGMP and PIM-SM on VLAN-interface 12. [SwitchG] interface vlan-interface 12 [SwitchG-Vlan-interface12] igmp enable [SwitchG-Vlan-interface12] pim sm [SwitchG-Vlan-interface12] quit...
  • Page 34 VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flooding proxy Tunnel1 0x5000001 Manual Disabled Tunnel2 0x5000002 Manual Disabled MTunnel0 0x6000000 Auto Disabled ACs: Link ID State FGE1/0/1 srv1000 # Verify that the VTEP has learned the MAC addresses of remote VMs. <SwitchA>...

  • Page 35: Configuring Vxlan Ip Gateways

    Configuring VXLAN IP gateways Overview The following are available IP gateway placement designs for VXLANs: • VXLAN IP gateways separated from VTEPs—Use a VXLAN-unaware device as a gateway to the external network for VXLANs. On the gateway, you do not need to configure VXLAN settings.

  • Page 36: Centralized Vxlan Ip Gateway Deployment

    Centralized VXLAN IP gateway deployment As shown in Figure 12, a VTEP acts as a gateway for VMs in the VXLANs. The VTEP both terminates the VXLANs and performs Layer 3 forwarding for the VMs. In this solution, the VTEP provides gateway services for VXLANs on virtual Layer 3 VSI interfaces.

  • Page 37: Centralized Vxlan Ip Gateway Group Deployment

    Figure 13 ARP learning on the VTEP that acts as a VXLAN IP gateway 10.1.1.11 10.1.1.12 VSI/VXLAN 10 VSI/VXLAN 10 20.1.1.11 20.1.1.12 VSI/VXLAN 20 VSI/VXLAN 20 30.1.1.11 30.1.1.12 VSI/VXLAN 30 VSI/VXLAN 30 IP transport network VXLAN tunnel VTEP 1 VTEP 2 Server Server Site 1...

  • Page 38: Hardware Compatibility

    Figure 14 Example of centralized VXLAN IP gateway group deployment L3 network Centralized VXLAN IP gateway group Access layer Access layer VXLAN tunnel VTEP VTEP Transport Server Server network Site 1 Site 2 The VTEP group is a virtual gateway that provides services at a group IP address. Access layer VTEPs set up VXLAN tunnels to the group IP address for data traffic forwarding.

  • Page 39: Configuring A Centralized Vxlan Ip Gateway Group

    Step Command Remarks Return to system view. quit Enter VSI view. vsi vsi-name Specify a gateway interface gateway vsi-interface By default, no gateway interface is for the VSI. vsi-interface-id specified for a VSI. Configuring a centralized VXLAN IP gateway group IMPORTANT: This feature is available in Release 2137 and later versions.

  • Page 40: Specifying A Vtep Group As The Gateway For An Access Layer Vtep

    Step Command Remarks exist on the local VTEP. You must configure a routing protocol to advertise the IP address in the transport network. Member VTEPs in a VTEP group cannot use the group IP address or share an IP address. By default, no VTEP group is specified.

  • Page 41: Enabling Packet Statistics For Vsi Interfaces

    Step Command Remarks rate limit for the VSI rate is not limited for a VSI interface. interface. This command is available in Release 2137 and later versions. The default description of a VSI (Optional.) Configure a interface is interface-name plus description for the VSI description text Interface (for example,...

  • Page 42: Vxlan Ip Gateway Configuration Examples

    VXLAN IP gateway configuration examples Centralized VXLAN IP gateway configuration example Network requirements As shown in Figure • Configure VXLAN 10 on Switch A through Switch C to provide Layer 2 connectivity for the VMs across the network sites. • Configure a VXLAN IP gateway on Switch B to provide Layer 3 forwarding services for VMs in VXLAN 10.
  • Page 43 # Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch B and Switch C. [SwitchA] interface loopback0 [SwitchA-Loopback0] ip address 1.1.1.1 255.255.255.255 [SwitchA-Loopback0] quit # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1. [SwitchA] interface tunnel 1 mode vxlan [SwitchA-Tunnel1] source 1.1.1.1 [SwitchA-Tunnel1] destination 2.2.2.2...
  • Page 44 [SwitchB] interface loopback0 [SwitchB-Loopback0] ip address 2.2.2.2 255.255.255.255 [SwitchB-Loopback0] quit # Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 2. [SwitchB] interface tunnel 2 mode vxlan [SwitchB-Tunnel2] source 2.2.2.2 [SwitchB-Tunnel2] destination 1.1.1.1 [SwitchB-Tunnel2] quit # Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 3. [SwitchB] interface tunnel 3 mode vxlan [SwitchB-Tunnel3] source 2.2.2.2 [SwitchB-Tunnel3] destination 3.3.3.3...
  • Page 45 [SwitchC-Tunnel1] destination 1.1.1.1 [SwitchC-Tunnel1] quit # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3. [SwitchC] interface tunnel 3 mode vxlan [SwitchC-Tunnel3] source 3.3.3.3 [SwitchC-Tunnel3] destination 2.2.2.2 [SwitchC-Tunnel3] quit # Assign Tunnel 1 and Tunnel 3 to VXLAN 10. [SwitchC] vsi vpna [SwitchC-vsi-vpna] vxlan 10 [SwitchC-vsi-vpna-vxlan10] tunnel 1...
  • Page 46 Line protocol state: UP Description: Vsi-interface100 Interface Bandwidth: 1000000kbps Maximum transmission unit: 1500 Internet Address is 10.1.1.1/24 (primary) IP packet frame type: Ethernet II, hardware address: 0011-2200-0102 IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102 Physical: Unknown, baudrate: 1000000 kbps Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec...

  • Page 47: Centralized Vxlan Ip Gateway Group Configuration Example

    10.1.1.11/32 10.1.1.11 Vsi100 Null Verify that the VMs can access the WAN: # Verify that VM 1 and VM 2 can ping each other. (Details not shown.) # Verify that VM 1, VM 2, and VLAN-interface 20 (20.1.1.5) on Switch E can ping each other. (Details not shown.) Centralized VXLAN IP gateway group configuration example IMPORTANT:...
  • Page 48 [SwitchA-vsi-vpna-vxlan-10] quit [SwitchA-vsi-vpna] quit # Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnel to the VTEP group. [SwitchA] interface loopback 0 [SwitchA-Loopback0] ip address 1.1.1.1 255.255.255.255 [SwitchA-Loopback0] quit # Create a VXLAN tunnel to the VTEP group.
  • Page 49 # Assign an IP address to Loopback 1. The IP address will be used as the member IP address of the VTEP. [SwitchB] interface loopback 1 [SwitchB-Loopback1] ip address 3.3.3.3 255.255.255.255 [SwitchB-Loopback1] quit # Create a VXLAN tunnel to Switch A. The tunnel source IP address is 2.2.2.2, and the tunnel interface name is Tunnel 2.
  • Page 50 # Assign an IP address to Loopback 1. The IP address will be used as the member IP address of the VTEP. [SwitchC] interface loopback 1 [SwitchC-Loopback1] ip address 4.4.4.4 255.255.255.255 [SwitchC-Loopback1] quit # Create a VXLAN tunnel to Switch A. The tunnel source IP address is 2.2.2.2, and the tunnel interface name is Tunnel 2.

  • Page 51: Configuring The Vtep As An Ovsdb Vtep

    Configuring the VTEP as an OVSDB VTEP Overview A Hewlett Packard Enterprise network virtualization controller can use the Open vSwitch Database (OVSDB) management protocol to deploy and manage VXLANs on VTEPs. To work with a controller, you must configure the VTEP as an OVSDB VTEP. As shown in Figure 17, an OVSDB VTEP stores all of its VXLAN settings in the form of entries in an...

  • Page 52: Configuration Prerequisites

    Tasks at a glance • Configuring passive TCP connection settings (Required.) Enabling the OVSDB server (Required.) Enabling the OVSDB VTEP service (Required.) Specifying a global source address for VXLAN tunnels (Required.) Specifying a VTEP access port (Optional.) Enabling flood proxy on multicast VXLAN tunnels Configuration prerequisites Before you configure the VTEP as an OVSDB VTEP, enable L2VPN by using the l2vpn enable command.

  • Page 53: Configuring Passive Ssl Connection Settings

    Step Command Remarks If the specified CA certificate file does not exist, the device obtains a self-signed certificate from the controller. The obtained file uses the name specified for the ca-filename argument. By default, the device does not have active OVSDB SSL connections.

  • Page 54: Enabling The Ovsdb Server

    Step Command Remarks connection requests. You can specify only one port to listen for OVSDB TCP connection requests. Port 6640 is used if you do specify a port when you execute the command. Enabling the OVSDB server Make sure you have complete OVSDB connection setup before you enable the OVSDB server. If you change OVSDB connection settings after the OVSDB server is enabled, you must disable and then re-enable the OVSDB server for the change to take effect.

  • Page 55: Specifying A Vtep Access Port

    Specifying a VTEP access port For the controller to manage a site-facing interface, you must specify the interface as a VTEP access port. To specify a VTEP access port: Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface view: interface interface-type interface-number...
  • Page 56 Figure 18 Network diagram Controller cluster (10.0.2.x) Transport network Configuration procedure Configure IP addresses and unicast routing settings: # Assign IP addresses to interfaces, as shown in Figure 18. (Details not shown.) # Configure a unicast routing protocol on all transport network switches (Switches A through D). (Details not shown.) Deploy a VXLAN IP gateway on the transport network.
  • Page 57 # Enable the OVSDB server. [SwitchB] ovsdb server enable # Enable the OVSDB VTEP service. [SwitchB] vtep enable # Specify the site-facing interface FortyGigE 1/0/1 as a VTEP access port. [SwitchB] interface fortygige 1/0/1 [SwitchB-FortyGigE1/0/1] vtep access port [SwitchB-FortyGigE1/0/1] quit Configure Switch C: # Enable L2VPN.

  • Page 58: Flood Proxy Vxlan Configuration Example

    VSI State : Up : 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain: - MAC Learning : Enabled MAC Table Limit Drop Unknown Flooding : Enabled VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flooding proxy Tunnel1 0x5000001 Manual...
  • Page 59 Figure 19 Network diagram Configuration procedure Configure IP addresses and unicast routing settings: # Assign IP addresses to interfaces, as shown in Figure 19. (Details not shown.) # Configure OSPF on all transport network switches (Switches A through D). (Details not shown.) Configure Switch A: # Enable L2VPN.
  • Page 60 [SwitchA] vxlan tunnel service node Configure Switch B: # Enable L2VPN. <SwitchB> system-view [SwitchB] l2vpn enable # Configure active TCP connection settings. [SwitchB] ovsdb server tcp ip 10.0.2.15 port 6632 # Enable the OVSDB server. [SwitchB] ovsdb server enable # Enable the OVSDB VTEP service. [SwitchB] vtep enable # Assign an IP address to Loopback 0.
  • Page 61 [SwitchC] vxlan tunnel mac-learning disable # Enable flood proxy on multicast VXLAN tunnels. [SwitchC] vxlan tunnel service node Configure VXLAN settings on the controller, and configure the flood proxy server. (Details not shown.) Verifying the configuration Verify the VXLAN settings on the VTEPs. This example uses Switch A. # Verify that the VXLAN tunnel interfaces on the VTEP are up.
  • Page 62 --- 2 mac address(es) found Verify that VM 1, VM 2, and VM 3 can ping each other. (Details not shown.)

  • Page 63: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 64: Network Topology Icons

    Convention Description An alert that provides helpful information. TIP: Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 65: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 66: Websites

    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 67: Index

    Index VXLAN packet statistics, 16 VXLAN static remote-MAC address entry, 13 access port VXLAN tunnel, 10 VXLAN VTEP access port, 51 VXLAN VSI interface, 36 active VXLAN OVSDB SSL connection, 48 VXLAN VTEP IP gateway group (centralized), 35 VXLAN OVSDB TCP connection, 49 confining VXLAN local flood (unknown-unicast frames), 14 address...
  • Page 68 VXLAN local flood confine (unknown-unicast VXLAN overview, 1 frames), 14 VXLAN OVSDB VTEP configuration (flood Layer 2 proxy), 54 VXLAN network model, 1 VXLAN traffic forwarding flood process, 4, 5 VXLAN overview, 1 format Layer 3 VXLAN packet format, 2 centralized VXLAN VTEP IP gateway group, 33 forwarding independent VXLAN IP gateway, 31...
  • Page 69 VXLAN overview, 1 VXLAN tunnel assignment, 11 VXLAN OVSDB VTEP configuration, 47, 47, 51 VXLAN tunnel configuration, 10 VXLAN tunnel global source address, 50 maintaining VXLAN, 18 VXLAN VSI interface configuration, 36 VXLAN IP gateway, 37 VXLAN VSI interface packet statistics, 37 VXLAN VTEP IP gateway group configuration managing VXLAN MAC address entries, 13...
  • Page 70 displaying VXLAN IP gateway, 37 port destination UDP port of VXLAN packets, 15 enabling multicast VXLAN tunnel flood proxy, 51 VXLAN VTEP access port, 51 enabling VXLAN ARP flood suppression, 15 enabling VXLAN local MAC change logging, 13 procedure assigning VXLAN tunnel, 11 enabling VXLAN OVSDB service, 50 configuring destination UDP port of VXLAN enabling VXLAN OVSDB VTEP service, 50...
  • Page 71 VXLAN static remote-MAC address entry, 13 VXLAN VSI interface packet statistics, 37 statistics VTEP VXLAN packet statistics, 16 access port, 51 VXLAN packet statistics (VSI), 16 centralized VXLAN VTEP IP gateway group, 33 VXLAN VSI interface packet statistics, 37 VXLAN IP gateway (centralized), 32 VXLAN IP gateway configuration (centralized)(on suppressing router), 38...
  • Page 72 MAC address entry management, 13 MAC address learning, 3 maintain, 18 multicast tunnel flood proxy, 51 network model, 1 overview, 1 OVSDB controller connection, 48 OVSDB controller connection restrictions, 48 OVSDB protocols and standards, 47 OVSDB server enable, 50 OVSDB SSL connection (active), 48 OVSDB SSL connection (passive), 49 OVSDB TCP connection (active), 49 OVSDB TCP connection (passive), 49...

Table of Contents