Page 1
H3C CR16000-F Routers Comware 7 VXLAN Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: CR16000-CMW710-R7951P01 or later Document version: 6W100-20191122...
Page 2
The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
Page 3
Preface This command reference describes the commands of VXLAN. This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback. Audience This documentation is intended for: • Network planners. • Field technical support and servicing engineers. •...
Page 4
Symbols Convention Description An alert that calls attention to important information that if not understood or followed WARNING! can result in personal injury. An alert that calls attention to important information that if not understood or followed CAUTION: can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information.
Page 5
Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
VXLAN commands Basic VXLAN commands ac statistics enable Use ac statistics enable to enable packet statistics for a Layer 3 interface that acts as an AC. Use undo ac statistics enable to disable packet statistics for a Layer 3 interface that acts as an AC.
Default ARP flood suppression is disabled. Views VSI view Predefined user roles network-admin Usage guidelines ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs. This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses.
Related commands display l2vpn vsi display arp suppression vsi Use display arp suppression vsi to display ARP flood suppression entries. Syntax In standalone mode: display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ] In IRF mode: display arp suppression vsi [ name vsi-name ] [ chassis chassis-number slot slot-number ] [ count ] Views...
Related commands arp suppression enable reset arp suppression vsi display igmp host group Use display igmp host group to display information about the multicast groups that contain IGMP host-enabled interfaces. Syntax display igmp host group [ group-address | interface interface-type interface-number ] [ verbose ] Views Any view...
IGMP host groups in total: 2 Group: 225.1.1.1 Group mode: Exclude Member state: Idle Expires: Off Source list (sources in total: 0): Group: 225.1.1.2 Group mode: Exclude Member state: Idle Expires: Off Source list (sources in total: 0): Table 2 Command output Field Description Total number of multicast groups that contain IGMP host-enabled...
Page 13
Views Any view Predefined user roles network-admin network-operator Parameters vsi vsi-name : Specifies a VSI name, a case-sensitive string of 1 to 31 characters. interface-type interface-number : Specifies an interface by its type and number. verbose : Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.
Errors Discards: 0 Output Statistics: Octets Packets : 0 Errors Discards: 0 Table 4 Command output Field Description Interface Layer 3 interface name. Owner VSI name. Link ID The interface's link ID on the VSI. Physical state of the interface: •...
Page 15
Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number : Specifies an interface by its interface type and number. service-instance instance-id : Specifies an Ethernet service instance by its ID in the range of 1 to 4096. Do not specify this option if a Layer 3 interface is specified. If you specify a Layer 2 Ethernet interface or Layer 2 aggregate interface, you must specify this option.
Field Description • Static—Static remote-MAC entry. • EVPN—Remote-MAC entry advertised through BGP EVPN. • OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. For a local MAC address, this field displays the AC's link ID on the VSI. Link ID/Name For a remote MAC address, this field displays the tunnel interface name.
Page 17
Table 6 Command output Field Description Total number of attachment circuits (ACs) and the number of ACs in each state Total number of ACs (up or down). Interface Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. SrvID Ethernet service instance ID.
Field Description • Down. Whether the device is the designated forwarder for the AC at a multihomed EVPN site: • BDF—The device is a backup designated forwarder. DF State • DF—The device is the designated forwarder. This field is not displayed if no Ethernet segment identifiers are configured on the interface.
Page 19
VSI Name VSI Index State vpna 1500 Table 8 Command output Field Description MTU on the VSI. VSI state: • Up—The VSI is up. • State Down—The VSI is down. • Admin down—The VSI has been manually shut down by using the shutdown command.
Field Description Bandwidth Maximum bandwidth (in kbps) for known unicast traffic on the VSI. Broadcast Restrain Broadcast restraint bandwidth (in kbps). Multicast Restrain Multicast restraint bandwidth (in kbps). Unknown Unicast Unknown unicast restraint bandwidth (in kbps). Restrain MAC Learning State of the MAC learning feature. MAC Table Limit Maximum number of MAC address entries on the VSI.
Page 21
Syntax display vxlan tunnel [ vxlan-id vxlan-id [ tunnel tunnel-number ] ] Views Any view Predefined user roles network-admin network-operator Parameters vxlan-id : Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
Octets : 0 Packets: 0 Table 10 Command output Field Description Link ID Tunnel's link ID in the VXLAN. Tunnel state: • Up—The tunnel is operating correctly. • Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the State tunnel is blocked because the primary proxy tunnel is operating correctly.
Predefined user roles network-admin Parameters s-vid vlan-id : Matches frames that are tagged with the specified outer 802.1Q VLAN ID. The value range for the vlan-id argument is 1 to 4094. Usage guidelines To change the match criterion, first execute the undo encapsulation command to remove the original criterion.
To confine flood traffic to the site-facing interfaces, use this command to disable flooding on the VSI bound to the VXLAN. The VSI will not flood the corresponding frames to VXLAN tunnel interfaces. Examples # Disable flooding for VSI vsi1. <Sysname>...
To forward multicast traffic correctly, you must use the source IP address of an up VXLAN tunnel as the source IP address for multicast VXLAN packets. For multicast-mode VXLANs, transport network devices must maintain multicast group and forwarding information. To reduce the multicast forwarding entries maintained by transport network devices, assign a multicast group address to multiple VXLANs.
Views System view Predefined user roles network-admin Parameters interval : Specifies an interval value in the range of 30 to 65535 seconds. Usage guidelines As a best practice, set the VXLAN statistics collection interval to a value smaller than 3600 seconds (1 hour).
• Advertisement through by BGP EVPN. Do not configure static remote-MAC entries for VXLAN tunnels that are automatically established by using EVPN. • EVPN re-establishes VXLAN tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.
Syntax reset l2vpn statistics ac [ interface interface-type interface-number [ service-instance instance-id ] ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number : Specifies an interface by its type and number. service-instance instance-id : Specifies an Ethernet service instance ID in the range of 1 to 4096.
Related commands tunnel statistics enable selective-flooding mac-address Use selective-flooding mac-address to enable selective flood for a MAC address. Use undo selective-flooding mac-address to disable selective flood for a MAC address. Syntax selective-flooding mac-address mac-address undo selective-flooding mac-address mac-address Default Selective flood is disabled for all MAC addresses. Views VSI view Predefined user roles...
Views Layer 2 aggregate interface view Layer 2 Ethernet interface view Predefined user roles network-admin Parameters instance-id : Specifies an Ethernet service instance ID in the range of 1 to 4096. Examples # On the Layer 2 Ethernet interface GigabitEthernet 3/1/1, create Ethernet service instance 1 and enter Ethernet service instance view.
statistics enable (Ethernet service instance view) Use statistics enable to enable packet statistics for an Ethernet service instance. Use undo statistics enable to disable packet statistics for an Ethernet service instance. Syntax statistics enable undo statistics enable Default The packet statistics feature is disabled for an Ethernet service instance. Views Ethernet service instance view Predefined user roles...
<Sysname> system-view [Sysname] vsi vpna [Sysname-vsi-vpna] vxlan 10000 [Sysname-vsi-vpna-vxlan-10000] tunnel 0 [Sysname-vsi-vpna-vxlan-10000] tunnel 1 Related commands display vxlan tunnel tunnel global source-address Use tunnel global source-address to specify a global source address for VXLAN tunnels. Use undo tunnel global source-address to restore the default. Syntax tunnel global source-address ipv4-address undo tunnel global source-address...
Default The packet statistics feature is disabled for the VXLAN tunnels associated with a VSI. Views VSI view Predefined user roles network-admin Usage guidelines This command enables packet statistics only for VXLAN tunnels. It does not take effect on VXLAN-DCI tunnels. When the packet statistics feature is enabled for VXLAN tunnels, use the display vxlan tunnel vxlan-id vxlan-id tunnel tunnel-number command to view packet statistics of VXLAN tunnels.
Examples # Enable packet statistics for automatically created VXLAN tunnels. <Sysname> system-view [Sysname] tunnel statistics vxlan auto Related commands display interface tunnel (Layer 3—IP Services Command Reference) reset counters interface tunnel (Layer 3—IP Services Command Reference) statistics enable (tunnel interface view) Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.
Syntax vxlan vxlan-id undo vxlan Default No VXLANs exist. Views VSI view Predefined user roles network-admin Parameters vxlan-id : Specifies a VXLAN ID in the range of 0 to 16777215. Usage guidelines You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique. Examples # Create VXLAN 10000 for VSI vpna and enter VXLAN view.
To configure the access mode, use the xconnect vsi command. Examples # Enable the device to drop VXLAN packets that have 802.1Q VLAN tags. <Sysname> system-view [Sysname] vxlan invalid-vlan-tag discard Related commands xconnect vsi vxlan tunnel arp-learning disable Use vxlan tunnel arp-learning disable to disable remote ARP learning for VXLANs. Use undo vxlan tunnel arp-learning disable to enable remote ARP learning for VXLANs.
Default Remote-MAC address learning is enabled. Views System view Predefined user roles network-admin Usage guidelines When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane. Examples # Disable remote-MAC address learning. <Sysname>...
Use undo vxlan udp-port to restore the default. Syntax vxlan udp-port port-number undo vxlan udp-port Default The destination UDP port number is 4789 for VXLAN packets. Views System view Predefined user roles network-admin Parameters port-number : Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Page 41
vlan : Specifies the VLAN access mode. track track-entry-number&<1-3> : Specifies a space-separated list of up to three track entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.
[Sysname-GigabitEthernet3/1/1] xconnect vsi vpn1 Related commands display l2vpn interface display l2vpn service-instance encapsulation VXLAN IP gateway commands arp distributed-gateway dynamic-entry synchronize Use arp distributed-gateway dynamic-entry synchronize to enable dynamic ARP entry synchronization for distributed VXLAN IP gateways. Use undo arp distributed-gateway dynamic-entry synchronize to disable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
Use undo arp send-rate to remove the ARP packet sending rate limit for a VSI interface. Syntax arp send-rate pps undo arp send-rate Default The ARP packet sending rate is not limited for a VSI interface. Views VSI interface view Predefined user roles network-admin Parameters...
Examples # Set the expected bandwidth to 10000 kbps for VSI-interface 100. <Sysname> system-view [Sysname] interface vsi-interface 100 [Sysname-Vsi-interface100] bandwidth 10000 default Use default to restore the default settings for a VSI interface. Syntax default Views VSI interface view Predefined user roles network-admin Usage guidelines CAUTION:...
Views VSI interface view Predefined user roles network-admin Parameters text : Specifies a description, a case-sensitive string of 1 to 255 characters. Examples # Configure the description as gateway for VXLAN 10 for VSI-interface 100. <Sysname> system-view [Sysname] interface vsi-interface 100 [Sysname-Vsi-interface100] description gateway for VXLAN 10 display interface vsi-interface Use display interface vsi-interface to display information about VSI interfaces.
Page 46
Maximum transmission unit: 1500 Internet address: 10.1.1.1/24 (primary) IP packet frame type: Ethernet II, hardware address: 0011-2200-0102 IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102 Physical: Unknown, baudrate: 1000000 kbps Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops...
Page 47
Field Description • Number of dropped incoming packets. Outgoing traffic statistics on the interface: • Number of outgoing packets. Output: 0 packets, 0 bytes, 0 drops • Number of outgoing bytes. • Number of dropped outgoing packets. # Display brief information about all VSI interfaces. <Sysname>...
Field Description Cause for the physical link state of an interface to be DOWN: • Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the Cause undo shutdown interface, use the command.
Default No subnet is assigned to a VSI. Views VSI view Predefined user roles network-admin Parameters ipv4-address : Specifies an IPv4 subnet address in dotted-decimal notation. wildcard-mask : Specifies a wildcard mask in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care"...
Parameters vsi-interface-id : Specifies a VSI interface by its number. The value range for this argument is 1 to 16383. Usage guidelines A VSI can have only one gateway interface. Multiple VSIs can share a gateway interface. For multiple VSIs to share a VSI interface, you must assign IP addresses of different subnets to the VSI interface and specify a subnet for each VSI.
Views VSI interface view Predefined user roles network-admin Parameters mac-address : Specifies a MAC address in H-H-H format. Examples # Assign MAC address 0001-0001-0001 to VSI-interface 100. <Sysname> system-view [Sysname] interface vsi-interface 100 [Sysname-Vsi-interface100] mac-address 1-1-1 Use mtu to set the MTU for a VSI interface. Use undo mtu to restore the default.
Predefined user roles network-admin Parameters vsi-interface [ vsi-interface-id ] : Specifies VSI interfaces. If you specify a VSI interface, this command clears packet statistics on the specified interface. If you specify only the vsi-interface keyword, this command clears packet statistics on all VSI interfaces. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command clears packet statistics on all interfaces.
Default A VTEP is not assigned to any VTEP group. Views System view Predefined user roles network-admin Parameters group-ip : Specifies a VTEP group by its group IP address. The IP address must already exist on the local VTEP. member-ip : Specifies the member VTEP IP address for the local VTEP. The IP address must already exist on the local VTEP.
Page 55
Related commands vtep group member local...