Page 1
HP 6127XLG Blade Switch Series VXLAN Command Reference Part number: 797722-001 Software version: Release 2418P03 Document version: 6W100-20150806...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 4
····················································································································································· 67 vtep enable ···························································································································································· 67 vxlan tunnel service node ····································································································································· 68 Support and other resources ····································································································································· 69 Contacting HP ································································································································································ 69 Subscription service ·············································································································································· 69 Related information ························································································································································ 69 Documents ······························································································································································ 69 ...
Syntax description text undo description Default A VSI does not have a description. Views VSI view Predefined user roles network-admin Parameters text: Specifies the VSI description, a case-sensitive string of 1 to 80 characters. Examples # Configure a description for the VSI vpn1. <Sysname>...
1.1.1.2 000f-e201-0101 vsi1 0x5000003 1.1.1.3 000f-e201-0202 vsi1 0x5000004 1.1.1.4 000f-e201-0203 vsi2 0x5000005 # Display the number of ARP flood suppression entries on the master device. <Sysname> display arp suppression vsi count Total entries: 3 Table 1 Command output Field Description Link ID Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Page 8
Examples # Display brief information about all multicast groups that contain IGMP host-enabled interfaces. <Sysname> display igmp host group IGMP host groups in total: 2 Vlan-interface10(1.1.1.20): IGMP host groups in total: 2 Group address Member state Expires 225.1.1.1 Idle 225.1.1.2 Idle # Display detailed information about all multicast groups that contain IGMP host-enabled interfaces.
NOTE: IP Multicast Configuration Guide For more information about the command output, see IGMP in Related commands igmp host enable display l2vpn mac-address Use display l2vpn mac-address to display MAC address entries for VSIs. Syntax display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ] Views Any view Predefined user roles...
Table 3 Command output Field Description Entry state. • dynamic—Local- or remote-MAC entry dynamically learned in the data plane. • static—Static remote-MAC entry. State • is-is—Remote-MAC entry advertised through VXLAN IS-IS. • openflow—Remote-MAC entry issued by a remote controller through OpenFlow. The Aging field displays Aging for dynamic entries and displays NotAging for static, is-is, and openflow entries.
Page 11
Total number of ACs: 4, 4 up, 0 down Interface SrvID Owner LinkID State Type XGE1/0/3 vsi10 XGE1/0/3 vsi11 XGE1/0/3 vsi12 XGE1/0/3 vsi13 Table 4 Command output Field Description Total number of attachment circuits (ACs) and the number of ACs in each state (up Total number of ACs or down).
Page 12
Input Statistics: Octets Packets Output Statistics: Octets Packets Service Instance: 3 Encapsulation : s-vid 2000 c-vid 1016 VSI Name : vsi12 Link ID State : Up Statistics : Enabled Input Statistics: Octets Packets Output Statistics: Octets Packets Table 5 Command output Field Description Interface...
display l2vpn vsi Use display l2vpn vsi to display information about VSIs. Syntax display l2vpn vsi [ name vsi-name ] [ verbose ] Views Any view Predefined user roles network-admin network-operator Parameters name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, the command displays information about all VSIs.
Page 14
XGE1/0/1 srv1000 Table 6 Command output Field Description Description of the VSI. If the VSI does not have a description, the command does not VSI Description display this field. VSI state: • Up—The VSI is up. A VSI is up only when its VXLAN has an up VXLAN tunnel and an up AC.
Field Description Flood proxy state: • Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and Flooding proxy unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. •...
Tunnel2 0x5000002 Manual/Auto Disabled MTunnel0 0x6002710 Auto Disabled Table 7 Command output Field Description Link ID Tunnel's link ID in the VXLAN. Tunnel state: • Up—The tunnel is operating correctly. • Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly.
Views Ethernet service instance view Predefined user roles network-admin Parameters default: Matches any frames. tagged: Matches any frames that have an 802.1Q VLAN tag. untagged: Matches any frames that do not have an 802.1Q VLAN tag. s-vid vlan-id: Matches frames that are tagged with the specified outer 802.1Q VLAN ID. The vlan-id argument specifies a 802.1Q VLAN ID in the range of 1 to 4094.
Use undo flooding disable to restore the default. Syntax flooding disable undo flooding disable Default Flooding is enabled for a VSI. Views VSI view Predefined user roles network-admin Usage guidelines By default, the device floods unknown unicast frames received from the local site to the following interfaces in the frame's VXLAN: All interfaces in the local site except for the incoming interface.
Parameters group-address: Specifies a multicast address in the range of 224.0.1.0 to 239.255.255.255. source source-address: Specifies a source IP address for multicast VXLAN packets. Usage guidelines VXLAN flood traffic includes multicast, broadcast, and unknown unicast frames. The following are methods available for the VTEP to flood traffic to remote sites: Unicast mode—Also called head-end replication.
Default The IGMP host function is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines For this command to take effect, you must use the multicast routing command to enable IP multicast routing. You must configure an interface as an IGMP host if its IP address is the source IP address of multicast VXLAN packets.
reset arp suppression vsi Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs. Syntax reset arp suppression vsi [ name vsi-name ] Views User view Predefined user roles network-admin Parameters name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.
Related commands display l2vpn mac-address vsi selective-flooding mac-address Use selective-flooding mac-address to enable selective flood for a MAC address. Use undo selective-flooding mac-address to disable selective flood for a MAC address. Syntax selective-flooding mac-address mac-address undo selective-flooding mac-address mac-address Default Selective flood is not enabled for any MAC addresses.
Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Parameters instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096. Examples # On the Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.
tunnel Use tunnel to assign a VXLAN tunnel to a VXLAN. Use undo tunnel to remove a VXLAN tunnel from a VXLAN. Syntax tunnel tunnel-number [ flooding-proxy ] undo tunnel tunnel-number Default A VXLAN does not contain VXLAN tunnels. Views VXLAN view Predefined user roles network-admin...
Related commands display vxlan tunnel tunnel bfd enable Use tunnel bfd enable to enable BFD on a VXLAN tunnel interface. Use undo tunnel bfd enable to restore the default. Syntax tunnel bfd enable destination-mac mac-address undo tunnel bfd enable Default BFD is disabled on a VXLAN tunnel interface.
Default No global source address is specified for VXLAN tunnels. Views System view Predefined user roles network-admin Parameters ipv4-address: Specifies an IPv4 address. Usage guidelines A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for a VXLAN tunnel.
[Sysname] vsi vxlan10 [Sysname-vsi-vxlan10] Related commands display l2vpn vsi vtep group member remote Use vtep group member remote to specify a VXLAN VTEP group and its member VTEPs. Use undo vtep group member remote to restore the default. Syntax vtep group group-ip member remote member-ip&<1-8> undo vtep group group-ip member remote Default No VXLAN VTEP group is specified on the device.
Parameters vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. Usage guidelines You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique. Examples # Create VXLAN 10000 for VSI vpna and enter VXLAN view. <Sysname>...
vxlan invalid-vlan-tag discard Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header. Use undo vxlan invalid-vlan-tag discard to restore the default. Syntax vxlan invalid-vlan-tag discard undo vxlan invalid-vlan-tag discard Default The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.
ARP learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, use the undo vxlan tunnel arp-learning disable command to enable remote ARP learning. HP recommends that you disable remote ARP learning for VXLANs only when the controller and VTEPs are synchronizing entries.
Parameters port-number: Specifies a UDP port number in the range of 1 to 65535. To avoid conflict with well-known ports, HP recommends that you specify a port number in the range of 1024 to 65535. Usage guidelines You must configure the same destination UDP port number on all VTEPs in a VXLAN.
[Sysname] vxlan udp-port 6666 xconnect vsi Use xconnect vsi to map an Ethernet service instance to a VSI. Use undo xconnect vsi to remove the mapping between an Ethernet service instance and a VSI. Syntax xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] undo xconnect vsi Default An Ethernet service instance is not mapped to any VSI.
For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags. In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.
Page 35
remote client-ip: Specifies the IPv4 address of an ENDP neighbor. server server-ip: Specifies the IPv4 address of an ENDS. Usage guidelines Each ENDP neighbor entry includes the IPv4 address, bridge MAC address, entry creation time, aging time, and VXLAN tunnel status of a neighbor. If you do not specify any parameters, this command displays IPv4 neighbor entries that all local ENDCs have learned.
display vxlan neighbor-discovery server member Use display vxlan neighbor-discovery server member to display information about ENDP neighbors that have registered with an ENDS on the device. Syntax display vxlan neighbor-discovery server member [ interface tunnel interface-number | local local-ip | remote client-ip ] Views Any view...
12.0.0.1 000F-0002-0001 2011/01/01 03:20:30 12.0.0.2 000F-0002-0002 2011/01/01 03:20:43 12.0.0.3 000F-0002-0003 2011/01/01 03:27:46 Table 11 Command output Field Description Interface Name of the ENDS-enabled NVE tunnel interface. Network ID NVE tunnel network ID. IP Address IPv4 address of the ENDS. Client Address IPv4 address of the neighbor.
Table 12 Command output Field Description Packets received by the ENDS: • Received packets Register—Registration requests received from ENDCs. • Purge—Deregistration packets received from ENDCs. Packets sent by the ENDS: • Sent packets Reply—Registration replies sent to ENDCs. • Error—ENDP packets that have errors. display vxlan neighbor-discovery server summary Use display vxlan neighbor-discovery server summary to display ENDS information.
Related commands vxlan neighbor-discovery authentication • vxlan neighbor-discovery server enable • network-id Use network-id to assign a network ID to an NVE tunnel interface. Use undo network-id to remove the network ID of an NVE tunnel interface. Syntax network-id network-id undo network-id Default No network ID is assigned to an NVE tunnel interface.
Views Tunnel interface view Predefined user roles network-admin Parameters cipher: Specifies an authentication key in encrypted form. simple: Specifies an authentication key in plaintext form. password: Specifies the authentication key. Its plaintext form must be a case-sensitive string of 1 to 24 characters.
ENDSs work independently. The failure of one ENDS does not affect the neighbor discovery. HP recommends that you configure different ENDSs for two ENDCs on the VTEP if the ENDCs use the same IP address but different network IDs.
ENDC register timer—Sets the interval for an ENDC to update its registration with an ENDS. This • timer defaults to 15 seconds and can be changed by using the vxlan neighbor-discovery client register-interval command on ENDCs. • Registration aging timer—This timer is five times the ENDC register timer. This timer is maintained on ENDSs.
Field Description Running status of the VXLAN IS-IS process: • Enabled—MAC address synchronization or VXLAN auto-negotiation is State enabled. The VXLAN IS-IS process is running. • Disabled—MAC address synchronization and VXLAN auto-negotiation are disabled. The VXLAN IS-IS process is not running. display vxlan isis graceful-restart status Use display vxlan isis graceful-restart status to display the GR state of the VXLAN IS-IS process.
Field Description Restart phase: • Initialization—VXLAN IS-IS process is initializing. • LSDB synchronization—Peer VXLAN IS-IS processes are synchronizing LSDBs. • MAC receiving—VXLAN IS-IS process is receiving reported local MAC addresses. Restart phase • LSP stable—VXLAN IS-IS process is generating LSPs. •...
Syntax display vxlan isis local-mac dynamic [ [ vxlan-id vxlan-id ] [ count ] ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the dynamic MAC addresses for the local site. vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, the command displays local MAC reachability information for all VXLANs.
Page 49
lsp-id lspid: Specifies an LSP identifier in the SYSID.Pseudonode ID-fragment num format, where sysID represents the originating node or pseudo node, and Pseudo ID is separated by a dot from sysID and by a hyphen from fragment num. verbose: Displays detailed information about LSPs in the LSDB. If you do not specify this keyword, the command displays LSP summaries.
Field Description LSP credibility: • 0—No conflict existed when the MAC entry was created. Confidence • 1—The MAC entry conflicts with an existing entry. The entry with a confidence of 0 is more trustworthy than the entry with a confidence of 1. display vxlan isis peer Use display vxlan isis peer to display VXLAN IS-IS neighbor information.
Field Description DED priority of the neighbor. On each VXLAN tunnel, the VTEP with higher DED Neighbour DED Priority priority is elected the DED. Uptime The amount of time that the adjacency with the neighbor has lasted. display vxlan isis remote-mac Use display vxlan isis remote-mac to display remote MAC reachability information maintained by VXLAN IS-IS.
Views Any view Predefined user roles network-admin network-operator Parameters vxlan-id: Specifies a remote VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, the command displays information about all VXLANs. count: Displays the number of remote VXLANs that match the command. Examples # Display information about all VXLANs.
Page 54
Parameters tunnel-number: Specifies a VXLAN tunnel interface by its number. If you do not specify a VXLAN tunnel interface, the command displays VXLAN IS-IS settings on all VXLAN tunnel interfaces. Examples # Display VXLAN IS-IS settings on Tunnel 101. <Sysname> display vxlan isis tunnel 101 Tunnel101 MTU: 1400 DED: Yes...
graceful-restart Use graceful-restart to enable Graceful Restart for the VXLAN IS-IS process. Use undo graceful-restart to disable Graceful Restart for the VXLAN IS-IS process. Syntax graceful-restart undo graceful-restart Default Graceful Restart is disabled. Views VXLAN IS-IS view Predefined user roles network-admin Usage guidelines Enable Graceful Restart for the peer VXLAN IS-IS processes at two ends of the VXLAN tunnel.
Parameters interval-value: Specifies a GR restart interval in the range of 30 to 1800 seconds. Usage guidelines This command sets the T2 timer to control the maximum amount of time for LSDB synchronization during a restart. The device advertises the T2 timer as the adjacency hold time to its neighbor during a GR process. Before the timer expires, the neighbor maintains the adjacency with the device.
mac-synchronization enable Use mac-synchronization enable to enable MAC reachability information advertisement through VXLAN IS-IS. Use undo mac-synchronization enable to restore the default. Syntax mac-synchronization enable undo mac-synchronization enable Default VXLAN IS-IS does not advertise MAC reachability information between VTEPs. Views VXLAN IS-IS view Predefined user roles network-admin...
Examples # Enable VXLAN autonegotiation through VXLAN IS-IS. <Sysname> system-view [Sysname] vxlan-isis [Sysname-vxlan-isis] negotiate-vni enable overlay isis ded-priority Use overlay isis ded-priority to change the DED priority of the VTEP on a VXLAN tunnel interface. Use undo overlay isis ded-priority to restore the default DED priority. Syntax overlay isis ded-priority value undo overlay isis ded-priority...
Default The CSNP interval is 10 seconds. Views VXLAN tunnel interface view, NVE tunnel interface view Predefined user roles network-admin Parameters seconds: Specifies an interval in the range of 1 to 600 seconds. Usage guidelines The setting takes effect only if the VTEP is the DED on the tunnel. The DED sends CSNP packets at the specified interval to advertise LSP summaries to the remote VTEP for LSDB synchronization.
Examples # Set the VXLAN IS-IS hello interval to 6 seconds on Tunnel 101. <Sysname> system-view [Sysname] interface tunnel 101 [Sysname-tunnel101] overlay isis timer hello 6 Related commands display vxlan isis tunnel overlay isis timer holding-multiplier Use overlay isis timer holding-multiplier to set the hello multiplier for calculating the VXLAN IS-IS adjacency hold time.
Related commands overlay isis timer hello overlay isis timer lsp Use overlay isis timer lsp to set the minimum LSP sending interval and the maximum number of LSPs that can be sent at each interval. Use undo overlay isis timer lsp to restore the default. Syntax overlay isis timer lsp time [ count count ] undo overlay isis timer lsp...
Syntax reserved vxlan vxlan-id undo reserved vxlan Default No VXLAN has been reserved. Views System view Predefined user roles network-admin Parameters vxlan-id: Specifies a VXLAN ID in the range of 1 to 16777215. Usage guidelines You can specify only one reserved VXLAN on the VTEP. All VSIs on the VTEP use the reserved VXLAN to send and receive VXLAN IS-IS packets.
timer lsp-max-age Use timer lsp-max-age to specify the maximum lifetime of LSPs generated by the VTEP. Use undo timer lsp-max-age to restore the default. Syntax timer lsp-max-age seconds undo timer lsp-max-age Default The maximum LSP lifetime is 1200 seconds. Views VXLAN IS-IS view Predefined user roles network-admin...
Predefined user roles network-admin Parameters seconds: Specifies the LSP refresh interval in the range of 1 to 65534 seconds. Usage guidelines Each VTEP updates the LSPs that they generated at the LSP refresh interval to maintain LSDB consistency across the VXLAN network. To avoid unnecessary LSP age-outs at remote VTEPs, make sure the LSP refresh interval is shorter than the LSP lifetime.
To increase this number to include all local MAC address entries, create virtual systems. Each virtual system represents an increase of 55 x 2 MAC address entries. Examples # Create the virtual system 0001.0001.0001. <Sysname> system-view [Sysname] vxlan-isis [Sysname-vxlan-isis] virtual-system 0001.0001.0001 Related commands display vxlan isis brief vxlan-isis...
Use undo ovsdb server ca-certificate to remove the CA certificate file setting for SSL. Syntax ovsdb server ca-certificate ca-filename [ bootstrap ] undo ovsdb server ca-certificate Default No CA certificate file is specified. Views System view Predefined user roles network-admin Parameters ca-filename: Specifies the CA certificate file name, a case-insensitive string.
Usage guidelines You must specify a certificate file for establishing active or passive OVSDB SSL connections. This command takes effect after you execute the ovsdb server enable command. Examples # Specify a certificate file for SSL. <Sysname> system-view [Sysname] ovsdb server certificate flash:/ovsclient-cert.pem ovsdb server enable Use ovsdb server enable to enable the OVSDB server.
Views System view Predefined user roles network-admin Parameters key-filename: Specifies the key file name, a case-insensitive string. The file name cannot contain the slot string. Usage guidelines You must specify a key file for establishing active or passive OVSDB SSL connections. This command takes effect after you execute the ovsdb server enable command.
<Sysname> system-view [Sysname] ovsdb server pssl port 6632 ovsdb server ptcp Use ovsdb server ptcp to enable the device to listen for OVSDB TCP connection requests. Use undo ovsdb server ptcp to disable the device to listen for OVSDB TCP connection requests. Syntax ovsdb server ptcp port [ port-number ] undo ovsdb server ptcp...
Predefined user roles network-admin Parameters ssl ipv4-address: Specifies the destination IPv4 address for the SSL connection. port port-number: Specifies the destination port for the SSL connection. The value range for the port-number argument is 1 to 65535. Usage guidelines Before you use this command, specify a key file, certificate file, and CA certificate file for SSL. The device can have a maximum of eight active SSL connections.
[Sysname] ovsdb server tcp 10.0.2.15 port 6632 vtep access port Use vtep access port to specify a site-facing interface as a VTEP access port. Use undo vtep access port to restore the default. Syntax vtep access port undo vtep access port Default An interface is not a VTEP access port.
Examples # Enable VTEP mode. <Sysname> system-view [Sysname] vtep enable vxlan tunnel service node Use vxlan tunnel service node to enable flood proxy on multicast VXLAN tunnels. Use undo vxlan tunnel service node to disable flood proxy on multicast VXLAN tunnels. Syntax vxlan tunnel service node undo vxlan tunnel service node...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 75
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Index A D E F G I L M N O R S T V W X arp suppression enable,1 l2vpn enable,16 log-peer-change enable,52 description,1 display arp suppression mac-address static,17 vsi,2 display igmp host group,3 mac-synchronization enable,53 display l2vpn mac-address,5 display l2vpn service-instance,6 negotiate-vni...