HPE FlexFabric 5940 Series Configuration Manual

HPE FlexFabric 5940 Switch Series
VXLAN Configuration Guide
Part number: 5200-1037a
Software version: Release 2508 and later version
Document version: 6W101-20161101

Summary of Contents for HPE FlexFabric 5940 Series

  • Page 1 HPE FlexFabric 5940 Switch Series VXLAN Configuration Guide Part number: 5200-1037a Software version: Release 2508 and later version Document version: 6W101-20161101...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents
    VXLAN overview (1)
    VXLAN network model (1)
    VXLAN packet format (2)
    Working mechanisms (3)
    Assignment of traffic to VXLANs (3)
    MAC learning (3)
    Traffic forwarding (4)
    ...
  • Page 4
    Configuring a VSI interface (44)
    Enabling packet statistics for a VSI interface (44)
    Displaying and maintaining VXLAN IP gateway (45)
    VXLAN IP gateway configuration examples (45)
    Centralized VXLAN IP gateway configuration example (45)
    ...
  • Page 5: VXLAN Overview

    The transport edge devices are VXLAN tunnel endpoints (VTEP). They can be servers that host VMs or independent network devices. An HPE VTEP uses VSIs and VXLAN tunnels to provide VXLAN services. • VSI—A virtual switch instance is a virtual Layer 2 switched domain. Each VSI provides switching services only for one VXLAN.
  • Page 6: VXLAN Packet Format

    Figure 1 VXLAN network model (figure labels: VSI/VXLAN 10, VSI/VXLAN 20, VXLAN tunnel, overlay network, VTEP 1, VTEP 2, Site 1, Site 2, server, transport network, underlay network)
    VXLAN packet format
    As shown in Figure 2, a VTEP encapsulates a frame in the following headers: •...
  • Page 7: Working Mechanisms

    Working mechanisms
    The VTEP uses the following process to forward an inter-site frame:
    1. Assigns the frame to its matching VXLAN if the frame is sent between sites.
    2. Performs MAC learning on the VXLAN's VSI.
    3. Forwards the frame through VXLAN tunnels.
    This section describes this process in detail.
  • Page 8: Traffic Forwarding

    • Remote MAC—MAC entries learned from a remote site, including static and dynamic MAC entries. The outgoing interfaces for the MAC addresses are VXLAN tunnel interfaces.
        Static—Manually added MAC entries.
        Dynamic—MAC entries learned in the data plane from incoming traffic on VXLAN tunnels. The learned MAC addresses are contained in the inner Ethernet header.
  • Page 9
    Flood
    The VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface.
    VXLAN supports the following modes for flood traffic:
    • Unicast mode—Also called head-end replication. The source VTEP replicates the flood frame, and then sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN.
  • Page 10 Figure 5 Unicast mode Figure 6 Multicast mode...
  • Page 11: Access Modes Of VSIs

    Figure 7 Flood proxy mode (figure labels: flood proxy server, Server 1, VM 1, VM 2, VM 3, VM 7, VM 8, VM 9, VTEP 1, VTEP 2, transport network; annotations: "Replicate and forward packet", "Source: Flood proxy server", "Destination: Each remote VTEP", "Encapsulate with flood proxy server address")...
  • Page 12: VXLAN IP Gateways

    As shown in Figure 8, this feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
  • Page 13: Protocols And Standards

    Protocols and standards RFC 7348, Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks...
  • Page 14: Configuring Basic VXLAN Features

    Configuring basic VXLAN features VXLAN configuration task list Tasks at a glance Remarks Set the VXLAN hardware resource (Required.) Setting the VXLAN hardware resource allocation mode allocation mode based on the role of the device in the network. (Required.) Creating a VXLAN on a VSI (Required.) Configuring a VXLAN tunnel To extend a VXLAN to remote...
  • Page 15: Creating A VXLAN On A VSI

    To set the VXLAN hardware resource allocation mode:
    Step: Enter system view.
      Command: system-view
    Step: Set the VXLAN hardware resource allocation mode.
      Command: hardware-resource vxlan { border8k | border16k | border24k | border32k | border40k | l2gw | l3gw8k | l3gw16k |
      Remarks: By default, the VXLAN hardware resource allocation mode is l2gw.
    ...
  • Page 16: Assigning VXLAN Tunnels To A VXLAN

    Step Command Remarks interface is specified for a tunnel. This step specifies the source IP address in the outer IP header of tunneled VXLAN packets. If an interface is specified, its primary IP address is used. For a multicast-mode VXLAN, the source IP address cannot be a loopback interface's address, and the source interface cannot be a loopback interface.
  • Page 17: Mapping An Ethernet Service Instance To A VSI

    Step Command Remarks [ flooding-proxy ] | all } to the VXLAN. VXLAN tunnels. For full Layer 2 connectivity in the VXLAN, make sure the VXLAN contains the VXLAN tunnel between each pair of sites in the VXLAN. Enable flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server.
  • Page 18: Managing MAC Address Entries

    Step Command Remarks specified outer and inner 802.1Q VLAN IDs: encapsulation s-vid vlan-id [ c-vid { vlan-id-list | all } | only-tagged ] encapsulation s-vid vlan-id-list [ c-vid vlan-id-list ] xconnect vsi vsi-name By default, an Ethernet service Map the Ethernet service [ access-mode { ethernet | vlan } ] instance is not mapped to any instance to a VSI.
  • Page 19: Disabling Remote-MAC Address Learning

    Step Command Remarks Enter system view. system-view By default, VXLAN VSIs do not have static mac-address static remote-MAC address entries. Add a static mac-address interface remote-MAC address For the setting to take effect, make sure the tunnel tunnel-number vsi entry. VSI's VXLAN has been created and vsi-name specified on the VXLAN tunnel.
  • Page 20: Configuring A VTEP Using The PIM Method

    Configuring a VTEP using the PIM method Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Enter VXLAN view. vxlan vxlan-id By default, a VXLAN uses unicast mode for flood traffic. No multicast group address or source IP address is specified for multicast VXLAN packets.
  • Page 21: Confining Floods To The Local Site

    Step Command Remarks effect after you execute the multicast routing command.
    Confining floods to the local site
    By default, the VTEP floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN: •...
  • Page 22: Enabling ARP Flood Suppression

    • UDP checksum check—The device always sets the UDP checksum of VXLAN packets to zero. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is zero or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.
  • Page 23: Disabling Remote ARP Learning For VXLANs

    Step Command Remarks suppression. is disabled.
    Disabling remote ARP learning for VXLANs
    By default, the device learns ARP information of remote VMs from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries.
  • Page 24: Testing The Reachability Of A Remote VM

    Step Command Remarks Enter Ethernet service service-instance instance-id instance view. By default, the packet statistics feature is disabled for all Ethernet service instances. For the statistics enable Enable packet statistics for command to take effect, you must the Ethernet service statistics enable configure a frame match criterion instance.
  • Page 25: VXLAN Configuration Examples

    Task Command interfaces. down ] ] Display VXLAN tunnel information for display vxlan tunnel [ vxlan vxlan-id ] VXLANs. Display the VXLAN hardware resource display hardware-resource [ vxlan ] allocation mode. Clear ARP flood suppression entries reset arp suppression vsi [ name vsi-name ] on VSIs.
  • Page 26
    # Assign IP addresses to interfaces, as shown in Figure 9. (Details not shown.)
    # Configure OSPF on all transport network switches (Switches A through D). (Details not shown.)
    Configure Switch A:
    # Enable L2VPN.
    <SwitchA> system-view
    [SwitchA] l2vpn enable
    # Create VSI vpna and VXLAN 10....
  • Page 27
    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] vxlan 10
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    # Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch C.
    [SwitchB] interface loopback 0
    [SwitchB-Loopback0] ip address 2.2.2.2 255.255.255.255
    [SwitchB-Loopback0] quit
    # Create a VXLAN tunnel to Switch A....
  • Page 28
    # Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 1.
    [SwitchC] interface tunnel 1 mode vxlan
    [SwitchC-Tunnel1] source 3.3.3.3
    [SwitchC-Tunnel1] destination 1.1.1.1
    [SwitchC-Tunnel1] quit
    # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.
    [SwitchC] interface tunnel 3 mode vxlan
    [SwitchC-Tunnel3] source 3.3.3.3
    [SwitchC-Tunnel3] destination 2.2.2.2...
  • Page 29: Multicast-Mode VXLAN Configuration Example

    VSI State : Up : 1500 Bandwidth Broadcast Restrain : 4294967295 kbps Multicast Restrain : 4294967295 kbps Unknown Unicast Restrain: 4294967295 kbps MAC Learning : Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled VXLAN ID : 10 Tunnels:...
  • Page 30 Figure 10 Network diagram (figure labels: Switch A, Switch C, Switch D, Switch E, Switch F, Switch G, Loop0, XGE1/0/1, Vlan-int11, Vlan-int12, Vlan-int13, Vlan-int21, Vlan-int22, Vlan-int23, VLAN 2, VM 1, VM 3, Server 1, Server 3, transport network)...
  • Page 31
    [SwitchA] vsi vpna
    [SwitchA-vsi-vpna] vxlan 10
    [SwitchA-vsi-vpna-vxlan-10] quit
    [SwitchA-vsi-vpna] quit
    # Assign an IP address to VLAN-interface 11, and enable the IGMP host feature on the interface. This interface's IP address will be the source IP address of VXLAN packets sent by the VTEP....
  • Page 32
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    # Assign an IP address to VLAN-interface 12, and enable the IGMP host feature on the interface. This interface's IP address will be the source IP address of VXLAN packets sent by the VTEP.
    [SwitchB] interface vlan-interface 12
    [SwitchB-Vlan-interface12] ip address 12.1.1.2 24
    [SwitchB-Vlan-interface12] igmp host enable
    [SwitchB-Vlan-interface12] quit...
  • Page 33
    # Assign an IP address to VLAN-interface 13, and enable the IGMP host feature on the interface. This interface's IP address will be the source IP address of VXLAN packets sent by the VTEP.
    [SwitchC] interface vlan-interface 13
    [SwitchC-Vlan-interface13] ip address 13.1.1.3 24
    [SwitchC-Vlan-interface13] igmp host enable
    [SwitchC-Vlan-interface13] quit
    # Create a VXLAN tunnel to Switch A....
  • Page 34
    # Enable BIDIR-PIM.
    [SwitchD] pim
    [SwitchD-pim] bidir-pim enable
    [SwitchD-pim] quit
    Configure Switch E:
    # Enable IP multicast routing.
    <SwitchE> system-view
    [SwitchE] multicast routing
    [SwitchE-mrib] quit
    # Enable IGMP and PIM-SM on VLAN-interface 13.
    [SwitchE] interface vlan-interface 13
    [SwitchE-Vlan-interface13] igmp enable
    [SwitchE-Vlan-interface13] pim sm
    [SwitchE-Vlan-interface13] quit
    # Enable PIM-SM on VLAN-interface 23....
  • Page 35
    <SwitchG> system-view
    [SwitchG] multicast routing
    [SwitchG-mrib] quit
    # Enable IGMP and PIM-SM on VLAN-interface 12.
    [SwitchG] interface vlan-interface 12
    [SwitchG-Vlan-interface12] igmp enable
    [SwitchG-Vlan-interface12] pim sm
    [SwitchG-Vlan-interface12] quit
    # Enable PIM-SM on VLAN-interface 22.
    [SwitchG] interface vlan-interface 22
    [SwitchG-Vlan-interface22] pim sm
    [SwitchG-Vlan-interface22] quit
    # Enable BIDIR-PIM....
  • Page 36 Drop Unknown Flooding : Enabled Statistics : Disabled VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flood proxy Tunnel1 0x5000001 Manual Disabled Tunnel2 0x5000002 Manual Disabled MTunnel0 0x6000000 Auto Disabled ACs: Link ID State XGE1/0/1 srv1000 # Verify that the VTEP has learned the MAC addresses of remote VMs. <SwitchA>...
  • Page 37: Configuring VXLAN IP Gateways

    Configuring VXLAN IP gateways Overview The following are available IP gateway placement designs for VXLANs: • VXLAN IP gateways separated from VTEPs—Use a VXLAN-unaware device as a gateway to the external network for VXLANs. On the gateway, you do not need to configure VXLAN settings.
  • Page 38: Centralized VXLAN IP Gateway Deployment

    Figure 11 VXLAN IP gateway separated from VTEPs Centralized VXLAN IP gateway deployment As shown in Figure 12, a VTEP acts as a gateway for VMs in the VXLANs. The VTEP both terminates the VXLANs and performs Layer 3 forwarding for the VMs. Figure 12 Centralized VXLAN IP gateway placement design As shown in Figure...
  • Page 39: Centralized VXLAN Gateway Group Deployment

    VTEP 1 forwards the ARP reply to the VM. The VM learns the MAC address of the gateway, and sends the Layer 3 traffic to the gateway. VTEP 3 removes the VXLAN encapsulation and inner Ethernet header for the traffic, and forwards the traffic to the destination node.
  • Page 40: Distributed VXLAN IP Gateway Deployment

    Figure 14 Example of centralized VXLAN IP gateway group deployment (figure labels: L3 network, centralized VXLAN IP gateway group, access layer, VXLAN tunnel, VTEP, server, transport network, Site 1, Site 2)
    The VTEP group is a virtual gateway that provides services at a group IP address. Access layer VTEPs set up VXLAN tunnels to the group IP address for data traffic forwarding.
  • Page 41 Figure 15 Distributed VXLAN IP gateway placement design Figure 16 shows an example of distributed VXLAN IP gateway deployment. This section uses this figure to describe the forwarding processes for intra-VXLAN traffic, inter-VXLAN traffic, and traffic from a VXLAN to an external network. In these processes, VTEPs use dynamically learned ARP entries.
  • Page 42 Intra-VXLAN traffic forwarding between sites As shown in Figure 16, the network uses the following process to forward traffic in a VXLAN between sites (for example, from VM 1 to VM 4 in VXLAN 10): VM 1 sends an ARP request to obtain the MAC address of VM 4. GW 1 performs the following operations: a.
  • Page 43: Configuration Restrictions And Guidelines

    b. Replaces the sender MAC address in the request with the MAC address of VSI-interface 20 on GW 2, and then sends the reply to GW 1. GW 1 de-encapsulates the ARP request and creates an ARP entry for VM 5. The entry contains VM 5's IP address 20.1.1.12, the MAC address of VSI-interface 20 on GW 2, and the incoming tunnel interface.
  • Page 44: Configuration Prerequisites

    Device role Configuration Restrictions and guidelines An ACL applied to a Layer 3 Ethernet interface or Layer 3 aggregate interface matches packets on both the interface and its subinterfaces. For more information about ACLs, see ACL and QoS Configuration Guide. •...
  • Page 45: Configuring A Centralized VXLAN IP Gateway Group

    Configuring a centralized VXLAN IP gateway group Configuration restrictions and guidelines A centralized VXLAN IP gateway group is exclusive with the VSI flood confining feature in some conditions. When you use the features together, follow these restrictions and guidelines: • A gateway group can work correctly only when flooding is enabled for VSIs or when both unknown unicast and unknown multicast floods are suppressed.
  • Page 46: Specifying A VTEP Group As The Gateway For An Access Layer VTEP

    Step Command Remarks transport network. Member VTEPs in a VTEP group cannot use the group IP address or share an IP address. By default, no VTEP group is specified. 10. Specify all the other VTEPs vtep group group-ip member in the VTEP group. remote member-ip&<1-8>...
  • Page 47: Configuration Prerequisites

    Configuration prerequisites For a VXLAN that requires access to the external network, specify the VXLAN's VSI interface on the border gateway as the next hop by using one of the following methods: • Configure a static route. • Configure a routing policy, and apply the policy by using the apply next-hop command. For more information about configuring routing policies, see routing policy configuration in Layer 3—IP Routing Configuration Guide.
  • Page 48: Configuring A VSI Interface

    Step Command Remarks the VSI. Multiple VSIs cannot share a gateway interface. By default, no subnet exists on a VSI. You can assign a maximum of eight IPv4 and gateway subnet IPv6 subnets to a VSI. Make sure these 10. Assign a subnet to the { ipv4-address subnets are on the same network as one of VSI.
  • Page 49: Displaying And Maintaining VXLAN IP Gateway

    Step Command Remarks Enable packet statistics for By default, the packet statistics statistics enable the VSI. feature is disabled for all VSIs. display interface (Optional.) Display VSI [ vsi-interface interface information. [ vsi-interface-id ] ] [ brief [ description | down ] ] Displaying and maintaining VXLAN IP gateway Execute display commands in any view and reset commands in user view.
  • Page 50 Figure 17 Network diagram (figure labels: Switch A, Switch C, Switch D, Server 1, Server 2, VM 1, VM 2, VLAN 2, XGE1/0/1, Loop0, Vlan-int11, Vlan-int12, Vlan-int13, transport network; addresses shown: 1.1.1.1/32, 3.3.3.3/32, 10.1.1.11, 10.1.1.12, 11.1.1.1/24, 11.1.1.4/24, 12.1.1.2/24, 12.1.1.4/24, 13.1.1.3/24, 13.1.1.4/24)...
  • Page 51
    [SwitchA-Tunnel2] destination 3.3.3.3
    [SwitchA-Tunnel2] quit
    # Assign Tunnel 1 and Tunnel 2 to VXLAN 10.
    [SwitchA] vsi vpna
    [SwitchA-vsi-vpna] vxlan 10
    [SwitchA-vsi-vpna-vxlan-10] tunnel 1
    [SwitchA-vsi-vpna-vxlan-10] tunnel 2
    [SwitchA-vsi-vpna-vxlan-10] quit
    [SwitchA-vsi-vpna] quit
    # On Ten-GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
    [SwitchA] interface ten-gigabitethernet 1/0/1
    [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2...
  • Page 52
    [SwitchB-vsi-vpna-vxlan-10] tunnel 3
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    # Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.
    [SwitchB] interface vsi-interface 1
    [SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
    [SwitchB-Vsi-interface1] quit
    # Specify VSI-interface 1 as the gateway interface for VSI vpna....
  • Page 53
    [SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
    [SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit
    [SwitchC-Ten-GigabitEthernet1/0/1] quit
    Verifying the configuration
    Verify the VXLAN IP gateway settings on Switch B:
    # Verify that the VXLAN tunnel interfaces are up on Switch B.
    [SwitchB] display interface tunnel 2
    Tunnel2
    Current state: UP
    Line protocol state: UP
    Description: Tunnel1 Interface
    Bandwidth: 64kbps...
  • Page 54: Centralized VXLAN IP Gateway Group Configuration Example

    Unknown Unicast Restrain: 4294967295 kbps MAC Learning : Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled Gateway interface : VSI-interface 1 VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flood proxy Tunnel2 0x5000002 Manual...
  • Page 55
    Figure 18 Network diagram
    Configuration procedure
    On VM 1, specify 10.1.1.1 as the gateway address. (Details not shown.)
    Configure IP addresses and unicast routing settings:
    # Assign IP addresses to interfaces, as shown in Figure 18. (Details not shown.)
    # Configure OSPF on all transport network switches (Switches A through D). (Details not shown.)
    Configure Switch A:
    # Enable L2VPN....
  • Page 56
    [SwitchA] interface ten-gigabitethernet 1/0/1
    [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
    [SwitchA-Ten-GigabitEthernet1/0/1] quit
    # Specify VTEP group 2.2.2.2 and its member VTEPs at 3.3.3.3 and 4.4.4.4.
    [SwitchA] vtep group 2.2.2.2 member remote 3.3.3.3 4.4.4.4
    Configure Switch B:
    # Enable L2VPN....
  • Page 57
    # Specify VSI-interface 1 as the gateway interface for VSI vpna.
    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] gateway vsi-interface 1
    [SwitchB-vsi-vpna] quit
    # Assign the local VTEP to VTEP group 2.2.2.2, and specify the member IP address of the local VTEP.
    [SwitchB] vtep group 2.2.2.2 member local 3.3.3.3
    # Specify the other member VTEP Switch C....
  • Page 58: Distributed VXLAN IPv4 Gateway Configuration Example

    # Specify VSI-interface 1 as the gateway interface for VSI vpna.
    [SwitchC] vsi vpna
    [SwitchC-vsi-vpna] gateway vsi-interface 1
    [SwitchC-vsi-vpna] quit
    # Assign the local VTEP to VTEP group 2.2.2.2, and specify the member IP address of the local VTEP.
    [SwitchC] vtep group 2.2.2.2 member local 4.4.4.4
    # Specify the other member VTEP Switch B....
  • Page 59
    # Configure OSPF to advertise routes to networks 10.1.1.0/24, 20.1.1.0/24, and 25.1.1.0/24 on Switch B and Switch E. (Details not shown.)
    Configure Switch A:
    # Enable L2VPN.
    <SwitchA> system-view
    [SwitchA] l2vpn enable
    # Set the VXLAN hardware resource allocation mode.
    [SwitchA] hardware-resource vxlan l3gw8k
    # Create VSI vpna and VXLAN 10....
  • Page 60
    [SwitchA] interface ten-gigabitethernet 1/0/1
    [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
    [SwitchA-Ten-GigabitEthernet1/0/1] quit
    # Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10....
  • Page 61
    [SwitchA-pbr-vxlan30-5] apply next-hop 20.1.1.2
    [SwitchA-pbr-vxlan30-5] quit
    # Apply policies vxlan10 and vxlan30 to VSI-interface 1 and VSI-interface 2, respectively.
    [SwitchA] interface vsi-interface 1
    [SwitchA-Vsi-interface1] ip policy-based-route vxlan10
    [SwitchA-Vsi-interface1] quit
    [SwitchA] interface vsi-interface 2
    [SwitchA-Vsi-interface2] ip policy-based-route vxlan30
    [SwitchA-Vsi-interface2] quit
    Configure Switch B:
    # Enable L2VPN....
  • Page 62
    [SwitchB] vsi vpnc
    [SwitchB-vsi-vpnc] vxlan 30
    [SwitchB-vsi-vpnc-vxlan-30] tunnel 3
    [SwitchB-vsi-vpnc-vxlan-30] quit
    [SwitchB-vsi-vpnc] quit
    # Create VSI-interface 1 and assign the interface an IP address.
    [SwitchB] interface vsi-interface 1
    [SwitchB-Vsi-interface1] ip address 10.1.1.2 255.255.255.0
    [SwitchB-Vsi-interface1] quit
    # Create VSI-interface 2 and assign the interface an IP address.
    [SwitchB] interface vsi-interface 2
    [SwitchB-Vsi-interface2] ip address 20.1.1.2 255.255.255.0
    [SwitchB-Vsi-interface2] quit...
  • Page 63
    # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.
    [SwitchC] interface tunnel 3 mode vxlan
    [SwitchC-Tunnel3] source 3.3.3.3
    [SwitchC-Tunnel3] destination 2.2.2.2
    [SwitchC-Tunnel3] quit
    # Assign Tunnel 1 and Tunnel 3 to VXLAN 10.
    [SwitchC] vsi vpna
    [SwitchC-vsi-vpna] vxlan 10
    [SwitchC-vsi-vpna-vxlan-10] tunnel 1
    [SwitchC-vsi-vpna-vxlan-10] tunnel 3...
  • Page 64
    [SwitchC-Vsi-interface2] distributed-gateway local
    [SwitchC-Vsi-interface2] local-proxy-arp enable
    [SwitchC-Vsi-interface2] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] gateway vsi-interface 2
    [SwitchC-vsi-vpnb] quit
    # Configure a routing policy for the VXLANs. Set the policy name to vxlan and set the next hop to 20.1.1.2 (VSI-interface 1 on Switch B)....
  • Page 65
    IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001
    Physical: Unknown, baudrate: 1000000 kbps
    Last clearing of counters: Never
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops
    # Verify that the VXLAN tunnels have been assigned to the VXLANs, and the VSI interfaces are...
  • Page 66
    Bandwidth: 64kbps
    Maximum transmission unit: 64000
    Internet protocol processing: Disabled
    Last clearing of counters: Never
    Tunnel source 2.2.2.2, destination 1.1.1.1
    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops
    # Verify that the VSI interfaces are up....
  • Page 67: Distributed VXLAN IPv6 Gateway Configuration Example

    Tunnel2 0x5000002 Manual # Verify that Switch B has created ARP entries for the VMs. [SwitchB] display arp Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid IP address MAC address Interface/Link ID Aging Type 12.1.1.4 0000-fc00-00ab 12 Vlan12 25.1.1.5 4431-9234-24bb 20 Vlan20 10.1.1.1 0000-fc00-00ab N/A...
  • Page 68
    Figure 20 Network diagram
    Configuration procedure
    On VM 1 and VM 2, specify 1::1 and 4::1 as the gateway address, respectively. (Details not shown.)
    Configure IP addresses and unicast routing settings:
    # Assign IP addresses to interfaces, as shown in Figure 20....
  • Page 69
    # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1.
    [SwitchA] interface tunnel 1 mode vxlan
    [SwitchA-Tunnel1] source 1.1.1.1
    [SwitchA-Tunnel1] destination 2.2.2.2
    [SwitchA-Tunnel1] quit
    # Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 2.
    [SwitchA] interface tunnel 2 mode vxlan
    [SwitchA-Tunnel2] source 1.1.1.1
    [SwitchA-Tunnel2] destination 3.3.3.3...
  • Page 70
    # Specify VSI-interface 2 as a distributed gateway and enable local ND proxy on the interface.
    [SwitchA-Vsi-interface2] distributed-gateway local
    [SwitchA-Vsi-interface2] local-proxy-nd enable
    [SwitchA-Vsi-interface2] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchA] vsi vpnb
    [SwitchA-vsi-vpnb] gateway vsi-interface 2
    [SwitchA-vsi-vpnb] quit
    # Configure an IPv6 static route....
  • Page 71
    [SwitchB-vsi-vpna] quit
    # Assign Tunnel 2 and Tunnel 3 to VXLAN 20.
    [SwitchB] vsi vpnb
    [SwitchB-vsi-vpnb] vxlan 20
    [SwitchB-vsi-vpnb-vxlan-20] tunnel 2
    [SwitchB-vsi-vpnb-vxlan-20] tunnel 3
    [SwitchB-vsi-vpnb-vxlan-20] quit
    [SwitchB-vsi-vpnb] quit
    # Create VSI-interface 1 and assign the interface an IPv6 address.
    [SwitchB] interface vsi-interface 1
    [SwitchB-Vsi-interface1] ipv6 address 1::2/64
    [SwitchB-Vsi-interface1] quit
    # Create VSI-interface 2 and assign the interface an IPv6 address....
  • Page 72
    [SwitchC-Tunnel1] source 3.3.3.3
    [SwitchC-Tunnel1] destination 1.1.1.1
    [SwitchC-Tunnel1] quit
    # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.
    [SwitchC] interface tunnel 3 mode vxlan
    [SwitchC-Tunnel3] source 3.3.3.3
    [SwitchC-Tunnel3] destination 2.2.2.2
    [SwitchC-Tunnel3] quit
    # Assign Tunnel 1 and Tunnel 3 to VXLAN 10.
    [SwitchC] vsi vpna
    [SwitchC-vsi-vpna] vxlan 10
    [SwitchC-vsi-vpna-vxlan-10] tunnel 1...
  • Page 73
    [SwitchC-Vsi-interface2] local-proxy-nd enable
    [SwitchC-Vsi-interface2] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] gateway vsi-interface 2
    [SwitchC-vsi-vpnb] quit
    # Configure an IPv6 static route. Set the destination address to 3::/64 and the next hop to 4::2.
    [SwitchC] ipv6 route-static 3:: 64 4::2
    Verifying the configuration
    Verify the distributed VXLAN IP gateway settings on Switch A:...
  • Page 74 VSI State : Up : 1500 Bandwidth Broadcast Restrain : 4294967295 kbps Multicast Restrain : 4294967295 kbps Unknown Unicast Restrain: 4294967295 kbps MAC Learning : Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled Gateway Interface : VSI-interface 1 VXLAN ID...
  • Page 75 4::400 0002-0000-0047 N/A Vsi2 REACH D FE80::201:FF:FE00:47 0001-0000-0047 N/A Vsi1 REACH D FE80::202:FF:FE00:0 0002-0000-0000 N/A Vsi1 REACH D FE80::202:FF:FE00:47 0002-0000-0047 N/A Vsi2 DELAY D # Verify that Switch A has created FIB entries for the VMs. [SwitchA] display ipv6 fib 4::400 Destination count: 1 FIB entry count: 1 Flag: U:Useable...
  • Page 76
    Internet protocol processing: Disabled
    IP packet frame type: Ethernet II, hardware address: 0011-2200-0102
    IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102
    Physical: Unknown, baudrate: 1000000 kbps
    Last clearing of counters: Never
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops...
  • Page 77 R:Relay F:FRR Destination: 1::100 Prefix length: 128 Nexthop : 1::100 Flags: UH Time stamp : 0x21 Label: Null Interface : Vsi1 Token: Invalid [SwitchB] display ipv6 fib 4::400 Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay...
  • Page 78: Configuring The VTEP As An OVSDB VTEP

    Configuring the VTEP as an OVSDB VTEP Overview An HPE network virtualization controller can use the Open vSwitch Database (OVSDB) management protocol to deploy and manage VXLANs on VTEPs. To work with a controller, you must configure the VTEP as an OVSDB VTEP.
  • Page 79: Configuration Prerequisites

    Tasks at a glance
    (Required.) Specifying a global source address for VXLAN tunnels
    (Required.) Specifying a VTEP access port
    (Optional.) Enabling flood proxy on multicast VXLAN tunnels
    Configuration prerequisites
    Before you configure the VTEP as an OVSDB VTEP, enable L2VPN by using the l2vpn enable command.
  • Page 80: Configuring Passive SSL Connection Settings

    Step Command Remarks By default, the device does not have active OVSDB SSL connections. Set up an active SSL ovsdb server ssl ip connection. ip-address port port-number You can set up a maximum of eight OVSDB SSL connections. Configuring passive SSL connection settings Step Command Remarks...
  • Page 81: Enabling The Ovsdb Server

    Enabling the OVSDB server
    Make sure you have completed OVSDB connection setup before you enable the OVSDB server. If you change OVSDB connection settings after the OVSDB server is enabled, you must disable and then re-enable the OVSDB server for the change to take effect.
    To enable the OVSDB server:
    Step Command...
  • Page 82: Enabling Flood Proxy On Multicast Vxlan Tunnels

    Step: Enter system view.
    Command: system-view
    Step: Enter interface view.
    • Enter Layer 2 Ethernet interface view: interface interface-type interface-number
    • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number
    Step: Specify the interface as a VTEP access port.
    Command: vtep access port
    Remarks: By default, an interface is not a...
  • Page 83
    Figure 22 Network diagram
    Configuration procedure
    Configure IP addresses and unicast routing settings:
    # Assign IP addresses to interfaces, as shown in Figure 22. (Details not shown.)
    # Configure OSPF on all transport network switches (Switches A through D). (Details not shown.)
    Configure Switch A:
    # Enable L2VPN....
  • Page 84
    # Configure active TCP connection settings.
    [SwitchB] ovsdb server tcp 10.0.2.15 port 6632
    # Enable the OVSDB server.
    [SwitchB] ovsdb server enable
    # Enable the OVSDB VTEP service.
    [SwitchB] vtep enable
    # Assign an IP address to Loopback 0. Specify the IP address as the global source address for VXLAN tunnels....
  • Page 85: Flood Proxy Vxlan Configuration Example

    Internet protocol processing: Disabled
    Last clearing of counters: Never
    Tunnel source 1.1.1.1, destination 2.2.2.2
    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops
    # Verify that the VXLAN tunnels have been assigned to the VXLAN.
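The OVSDB rules stated in this guide (L2VPN as a prerequisite, the limit of eight SSL connections, and connection changes taking effect only after the OVSDB server is disabled and re-enabled) can be checked against a command transcript, together with a flag for controller connections that use plain TCP instead of SSL. This is an added example, not HPE code; the function name is hypothetical, the sample transcript is constructed, and `undo ovsdb server enable` is assumed to be the disable command (it is not shown on this page).

```python
import re

MAX_SSL = 8  # the guide allows at most eight OVSDB SSL connections
CONN = re.compile(r"ovsdb server (tcp|ssl)\b")

# Constructed sample: commands in the order an operator entered them.
SAMPLE = """\
[SwitchB] l2vpn enable
# Configure active TCP connection settings.
[SwitchB] ovsdb server tcp 10.0.2.15 port 6632
[SwitchB] ovsdb server enable
[SwitchB] vtep enable
[SwitchB] ovsdb server ssl ip 10.0.2.15 port 6632
"""

def audit_ovsdb_session(transcript: str) -> list[str]:
    """Audit CLI commands in entry order and return a list of findings."""
    findings, stale = [], []
    enabled = l2vpn = warned = False
    ssl_count = 0
    for raw in transcript.splitlines():
        # Drop "[SwitchB]" / "<SwitchB>" prompts and "#" comment lines.
        cmd = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", raw).strip()
        if not cmd or cmd.startswith("#"):
            continue
        if cmd == "l2vpn enable":
            l2vpn = True
        if re.match(r"ovsdb server\b|vtep enable\b", cmd) and not l2vpn and not warned:
            findings.append("prerequisite: l2vpn enable not entered before OVSDB VTEP setup")
            warned = True
        m = CONN.match(cmd)
        if m:
            if m.group(1) == "tcp":
                # Plain TCP carries the controller session without TLS.
                findings.append(f"plaintext: '{cmd}' has no TLS protection")
            else:
                ssl_count += 1
            if enabled:
                stale.append(cmd)  # changed while the server was running
        elif cmd == "undo ovsdb server enable":  # assumed disable command
            enabled = False
        elif cmd == "ovsdb server enable" and not enabled:
            enabled, stale = True, []  # a fresh enable picks up all settings
    if ssl_count > MAX_SSL:
        findings.append(f"limit: {ssl_count} SSL connections exceed the maximum of {MAX_SSL}")
    findings += [f"not in effect until the OVSDB server is disabled and re-enabled: '{c}'"
                 for c in stale]
    return findings
```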
  • Page 86
    • Use the MAC address entries issued by the controller to direct traffic forwarding on Switch A, Switch B, and Switch C.
    Figure 23 Network diagram
    Configuration procedure
    Configure IP addresses and unicast routing settings:
    # Assign IP addresses to interfaces, as shown in Figure 23....
  • Page 87
    [SwitchA] interface ten-gigabitethernet 1/0/2
    [SwitchA-Ten-GigabitEthernet1/0/2] undo mac-address static source-check enable
    [SwitchA-Ten-GigabitEthernet1/0/2] quit
    # Disable remote-MAC address learning.
    [SwitchA] vxlan tunnel mac-learning disable
    # Enable flood proxy on multicast VXLAN tunnels.
    [SwitchA] vxlan tunnel flooding-proxy
    Configure Switch B:
    # Enable L2VPN.
    <SwitchB>...
  • Page 88
    [SwitchC] interface loopback 0
    [SwitchC-LoopBack0] ip address 3.3.3.3 255.255.255.255
    [SwitchC-LoopBack0] quit
    # Specify the IP address of Loopback 0 as the global source address for VXLAN tunnels.
    [SwitchC] tunnel global source-address 3.3.3.3
    # Specify site-facing interface Ten-GigabitEthernet 1/0/1 as a VTEP access port.
    [SwitchC] interface ten-gigabitethernet 1/0/1
    [SwitchC-Ten-GigabitEthernet1/0/1] vtep access port
    [SwitchC-Ten-GigabitEthernet1/0/1] quit...
  • Page 89
    Unknown Unicast Restrain: 4294967295 kbps
    MAC Learning : Enabled
    MAC Table Limit
    MAC Learning rate
    Drop Unknown
    Flooding : Enabled
    Statistics : Disabled
    VXLAN ID : 10
    Tunnels:
    Tunnel Name Link ID State Type Flood proxy
    Tunnel1 0x5000001 Manual Disabled
    Tunnel2 0x5000002 Manual...
  • Page 90: Document Conventions And Icons

    Document conventions and icons
    Conventions
    This section describes the conventions used in the documentation.
    Port numbering in examples
    The port numbers in this document are for illustration only and might be unavailable on your device.
    Command conventions
    Convention Description
    Boldface Bold text represents commands and keywords that you enter literally as shown.
  • Page 91: Network Topology Icons

    Network topology icons
    Convention Description
    Represents a generic network device, such as a router, switch, or firewall.
    Represents a routing-capable device, such as a router or Layer 3 switch.
    Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 92: Support And Other Resources

    Support and other resources
    Accessing Hewlett Packard Enterprise Support
    • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance
    • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc
    Information to collect
    •...
  • Page 93: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs
    Documentation feedback
    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 94 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.