, H3CS, H3CIE, H3CNE, Aolynk, Care, , IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice.
(VXLAN) is a MAC-in-UDP technology that provides Layer 2 connectivity between distant network sites across an IP network. This preface includes the following topics about the documentation:
• Audience.
• Conventions.
• About the H3C S7500E-XS documentation set.
• Obtaining documentation.
• Technical support.
GUI conventions
Convention | Description
Boldface | Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
> | Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Description
Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG card.
About the H3C S7500E-XS documentation set
The H3C S7500E-XS documentation set includes the following categories of documents:
Category | Documents | Purposes
Product description and | Marketing brochures | Describes product specifications and benefits.
Obtaining documentation
Access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the following links to obtain different categories of product documentation:
[Technical Documents]—Provides hardware installation, software upgrading, and software feature configuration and maintenance documentation.
The transport edge devices are VXLAN tunnel endpoints (VTEP). They can be servers that host VMs or independent network devices. An H3C VTEP uses VSIs and VXLAN tunnels to provide VXLAN services.
• VSI—A virtual switching instance is a virtual Layer 2 switched domain. Each VSI provides switching services only for one VXLAN.
Figure 1 VXLAN network model
VXLAN packet format
As shown in Figure 2, a VTEP encapsulates a frame in the following headers:
• 8-byte VXLAN header—VXLAN information for the frame.
  Flags—If the I bit is 1, the VXLAN ID is valid. If the I bit is 0, the VXLAN ID is invalid. All other bits are reserved and set to 0.
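The header check described above, as an added example that is not part of the original manual: a Python inspector for the 8-byte VXLAN header. The field layout (8-bit Flags with the I bit at 0x08, 24 reserved bits, 24-bit VXLAN ID, 8 reserved bits) is taken from RFC 7348 rather than from this page, and the function names and sample bytes are constructed for illustration.

```python
import struct

VXLAN_HEADER_LEN = 8
I_FLAG = 0x08  # position of the I bit in the Flags octet (RFC 7348)


def build_vxlan_header(vni: int, flags: int = I_FLAG) -> bytes:
    """Build a header for test input: Flags(8) Reserved(24) VNI(24) Reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VXLAN ID must fit in 24 bits")
    return struct.pack("!II", (flags & 0xFF) << 24, vni << 8)


def inspect_vxlan_header(payload: bytes) -> dict:
    """Inspect the VXLAN header at the start of a UDP payload.

    Returns the VXLAN ID (None when the I bit is 0), a list of findings,
    and the bytes that follow the header (the encapsulated frame).
    """
    if len(payload) < VXLAN_HEADER_LEN:
        return {"vni": None, "findings": ["truncated header"], "inner": b""}
    word1, word2 = struct.unpack("!II", payload[:VXLAN_HEADER_LEN])
    flags = word1 >> 24
    findings = []
    vni = word2 >> 8
    if not flags & I_FLAG:
        findings.append("I bit is 0: VXLAN ID invalid")
        vni = None
    if flags & ~I_FLAG & 0xFF:
        findings.append("reserved flag bits set: 0x%02x" % (flags & ~I_FLAG & 0xFF))
    if word1 & 0xFFFFFF or word2 & 0xFF:
        findings.append("reserved field not 0")
    return {"vni": vni, "findings": findings, "inner": payload[VXLAN_HEADER_LEN:]}


# Constructed samples (not captured traffic): VXLAN 10 as in the page's examples.
SAMPLES = {
    "valid": build_vxlan_header(10) + b"\xaa" * 14,
    "no_i_bit": build_vxlan_header(10, flags=0x00),
    "extra_flag": build_vxlan_header(10, flags=0x0C),
    "short": b"\x08\x00\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        result = inspect_vxlan_header(data)
        print(name, result["vni"], result["findings"])
```

A monitoring point that sees VXLAN traffic can log the findings list per packet; non-zero reserved bits are reported rather than rejected, so the caller decides how strict to be.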
Working mechanisms
The VTEP uses the following process to forward an inter-site frame:
1. Assigns the frame to its matching VXLAN if the frame is sent between sites.
2. Performs MAC learning on the VXLAN's VSI.
3. Forwards the frame.
This section describes this process in detail. For intra-site frames in a VSI, the system performs typical Layer 2 forwarding, and it processes 802.1Q VLAN tags as described in "Access modes of VSIs."...
A VSI's MAC address table includes the following types of MAC address entries:
• Local MAC—Dynamic MAC entries learned from the local site. The outgoing interfaces are site-facing interfaces on which the MAC addresses are learned. VXLAN does not support manual local-MAC entries.
Figure 4 Inter-site unicast
Flood
The VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface. VXLAN supports the following modes for flood traffic:
• Unicast mode—Also called head-end replication. The source VTEP replicates the flood frame, and then sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN.
Figure 5 Unicast mode
Figure 6 Multicast mode
Access modes of VSIs
The access mode of a VSI determines how the VTEP processes the 802.1Q VLAN tags in the Ethernet frames.
• VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags. For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame. For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.
VTEP 2 and VTEP 3 de-encapsulate the ARP request. The VTEPs create a suppression entry for VM 1, and broadcast the request in the local site. VM 7 sends an ARP reply. VTEP 2 creates a suppression entry for VM 7 and forwards the ARP reply to VTEP 1. VTEP 1 de-encapsulates the ARP reply, creates a suppression entry for VM 7, and forwards the ARP reply to VM 1.
Configuring VXLANs
Feature compatibility requirements
When you use VXLAN in conjunction with other features, follow these restrictions and guidelines:
• If multiple VXLAN tunnels share a transport-facing interface, make sure the VXLAN tunnels use the same VLAN interface for forwarding.
•...
Creating a VXLAN on a VSI
Step | Command | Remarks
Enter system view. | system-view |
Enable L2VPN. | l2vpn enable | By default, L2VPN is disabled.
Create a VSI and enter VSI view. | vsi vsi-name | By default, no VSIs are created.
(Optional.) Configure a VSI description. | description text | By default, a VSI does not have a
Step Command Remarks By default, no source IP address or source interface is specified for a tunnel. This step specifies the source IP address in the Specify a source IP source { ipv4-address | outer IP header of tunneled VXLAN packets. If an address or source interface-type interface is specified, its primary IP address is...
Mapping an Ethernet service instance to a VSI
An Ethernet service instance matches a list of VLANs on a site-facing interface. The VTEP assigns customer traffic from the VLANs to a VXLAN by mapping the Ethernet service instance to a VSI. An Ethernet service instance can contain only one match criterion.
Step Command Remarks • Match frames that do not match any other service instance on the interface: By default, an Ethernet service encapsulation default instance does not contain a • Match any 802.1Q tagged or frame match criterion. untagged frames: To match frames from a VLAN encapsulation { tagged | correctly, make sure you have...
Configuring static remote-MAC address entries
Step Command Remarks Enter system view. system-view By default, VXLAN VSIs do not have static remote-MAC address entries. mac-address static mac-address Add a static remote interface tunnel tunnel-number vsi For the setting to take effect, make entry.
Step Command Remarks By default, a VXLAN uses unicast mode for flood traffic. No multicast group address or source IP address is specified for multicast VXLAN packets. You must assign all VTEPs in a multicast-mode VXLAN to the same multicast group. Assign a multicast group address for flood traffic, For traffic to be forwarded correctly, you...
Step Command Remarks By default, selective flood is disabled. Use this feature to exclude a remote MAC address from the (Optional.) Enable flood suppression done by using selective-flooding mac-address selective flood for a MAC the flooding disable command. mac-address address. The VTEP will flood the frames destined for the specified MAC address to remote sites when...
The aging timer is fixed at 25 minutes for ARP flood suppression entries. If the suppression table is full, the VTEP stops learning new entries. For the VTEP to learn new entries, you must wait for old entries to age out, or use the reset arp suppression command to clear the table. If the flooding disable command is executed on a VSI that is enabled with ARP flood suppression, follow these restrictions and guidelines: •...
For more information about the display interface tunnel command, see tunneling commands in Layer 3—IP Services Command Reference.
VXLAN configuration examples
Unicast-mode VXLAN configuration example
Network requirements
As shown in Figure
• Configure VXLAN 10 as a unicast-mode VXLAN on Switch A, Switch B, and Switch C to provide Layer 2 connectivity for the VMs across the network sites.
[SwitchA-Loopback0] ip address 1.1.1.1 255.255.255.255
[SwitchA-Loopback0] quit
# Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1.
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] quit
# Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 2.
[SwitchA] interface tunnel 2 mode vxlan
[SwitchA-Tunnel2] source 1.1.1.1
[SwitchA-Tunnel2] destination 3.3.3.3...
[SwitchB] interface tunnel 2 mode vxlan
[SwitchB-Tunnel2] source 2.2.2.2
[SwitchB-Tunnel2] destination 1.1.1.1
[SwitchB-Tunnel2] quit
# Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 3.
[SwitchB] interface tunnel 3 mode vxlan
[SwitchB-Tunnel3] source 2.2.2.2
[SwitchB-Tunnel3] destination 3.3.3.3
[SwitchB-Tunnel3] quit
# Assign Tunnel 2 and Tunnel 3 to VXLAN 10.
# Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.
[SwitchC] interface tunnel 3 mode vxlan
[SwitchC-Tunnel3] source 3.3.3.3
[SwitchC-Tunnel3] destination 2.2.2.2
[SwitchC-Tunnel3] quit
# Assign Tunnel 1 and Tunnel 3 to VXLAN 10.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] tunnel 1
[SwitchC-vsi-vpna-vxlan10] tunnel 3...
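An added example (not from the manual): a Python check that the tunnels in a unicast-mode configuration like the one above pair up, assuming every VTEP pair is meant to have one tunnel in each direction as in the example. The session text is constructed in the page's style, with Switch C's Tunnel 1 destination deliberately wrong so the audit has something to report; the function names are hypothetical.

```python
import re

# Prompt such as "[SwitchA-Tunnel1] source 1.1.1.1"; other views are ignored.
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)-Tunnel(?P<tun>\d+)\]\s+(?P<cmd>.+)$")


def parse_tunnels(session):
    """Return {(host, tunnel number): {"source": ip, "destination": ip}}."""
    tunnels = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        words = m["cmd"].split() if m else []
        if len(words) == 2 and words[0] in ("source", "destination"):
            tunnels.setdefault((m["host"], int(m["tun"])), {})[words[0]] = words[1]
    return tunnels


def audit_mesh(tunnels):
    """List tunnels that are incomplete or have no tunnel in the reverse direction."""
    findings, ends = [], {}
    for (host, num), t in sorted(tunnels.items()):
        if "source" in t and "destination" in t:
            ends[(t["source"], t["destination"])] = f"{host} Tunnel{num}"
        else:
            findings.append(f"{host} Tunnel{num}: source or destination missing")
    for (src, dst), name in sorted(ends.items()):
        if (dst, src) not in ends:
            findings.append(f"{name}: no reverse tunnel {dst} -> {src}")
    return findings


# Constructed session text in the style of the page's example. Switch C's
# Tunnel 1 destination is deliberately wrong (1.1.1.2) to produce findings.
SESSION = """\
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel2] source 1.1.1.1
[SwitchA-Tunnel2] destination 3.3.3.3
[SwitchB-Tunnel2] source 2.2.2.2
[SwitchB-Tunnel2] destination 1.1.1.1
[SwitchB-Tunnel3] source 2.2.2.2
[SwitchB-Tunnel3] destination 3.3.3.3
[SwitchC-Tunnel1] source 3.3.3.3
[SwitchC-Tunnel1] destination 1.1.1.2
[SwitchC-Tunnel3] source 3.3.3.3
[SwitchC-Tunnel3] destination 2.2.2.2
"""

if __name__ == "__main__":
    for finding in audit_mesh(parse_tunnels(SESSION)):
        print(finding)
```

Both ends of the broken pair are reported: Switch A's Tunnel 2 has no return path, and Switch C's Tunnel 1 sends encapsulated frames to an address no VTEP in the set uses as a source.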
Multicast Restrain Unknown Unicast Restrain: - MAC Learning : Enabled MAC Table Limit Drop Unknown Flooding : Enabled VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flooding proxy Tunnel1 0x5000001 Manual Disabled Tunnel2 0x5000002 Manual Disabled ACs: Link ID State XGE1/1/1 srv1000...
Figure 9 Network diagram
[SwitchA] multicast routing
[SwitchA-mrib] quit
# Create the VSI vpna and VXLAN 10.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
# Assign an IP address to VLAN-interface 11, and enable the IGMP host function on the interface. This interface's IP address will be the source IP address of VXLAN packets sent by the VTEP.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Enable IP multicast routing.
[SwitchB] multicast routing
[SwitchB-mrib] quit
# Create the VSI vpna and VXLAN 10.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
# Assign an IP address to VLAN-interface 12, and enable the IGMP host function on the interface.
[SwitchB-Ten-GigabitEthernet1/1/1] quit
Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Enable IP multicast routing.
[SwitchC] multicast routing
[SwitchC-mrib] quit
# Create the VSI vpna and VXLAN 10.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
# Assign an IP address to VLAN-interface 13, and enable the IGMP host function on the interface.
# Map Ethernet service instance 1000 to the VSI vpna.
[SwitchC-Ten-GigabitEthernet1/1/1-srv1000] xconnect vsi vpna
[SwitchC-Ten-GigabitEthernet1/1/1-srv1000] quit
[SwitchC-Ten-GigabitEthernet1/1/1] quit
Configure Switch D:
# Enable IP multicast routing.
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# Enable IGMP and PIM-SM on VLAN-interface 11.
[SwitchD] interface vlan-interface 11
[SwitchD-Vlan-interface11] igmp enable
[SwitchD-Vlan-interface11] pim sm...
[SwitchF-Vlan-interface21] pim sm
[SwitchF-Vlan-interface21] quit
[SwitchF] interface vlan-interface 22
[SwitchF-Vlan-interface22] pim sm
[SwitchF-Vlan-interface22] quit
[SwitchF] interface vlan-interface 23
[SwitchF-Vlan-interface23] pim sm
[SwitchF-Vlan-interface23] quit
# Enable BIDIR-PIM.
[SwitchF] pim
[SwitchF-pim] bidir-pim enable
# Configure VLAN-interface 22 as a candidate-BSR, and configure Loopback 0 as a candidate-RP for BIDIR-PIM.
Tunnel protocol/transport UDP_VXLAN/IP
# Verify that the VXLAN tunnels have been assigned to the VXLAN.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna VSI Index VSI State : Up : 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain: - MAC Learning : Enabled MAC Table Limit...