background image

 

25 

Parameters 

vxlan-id

: Specifies a VXLAN ID in the range of 0 to 16777215. 

Usage guidelines 

You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique. 

Examples 

# Create VXLAN 10000 for VSI 

vpna

 and enter VXLAN view. 

<Sysname> system-view 

[Sysname] vsi vpna 

[Sysname-vsi-vpna] vxlan 10000 

[Sysname-vsi-vpna-vxlan-10000] 

Related commands 

vsi

 

vxlan invalid-udp-checksum discard 

Use 

vxlan invalid-udp-checksum discard

 to enable the device to drop the VXLAN packets that fail 

UDP checksum check. 

Use 

undo vxlan invalid-udp-checksum discard

 to restore the default. 

Syntax 

vxlan invalid-udp-checksum discard 

undo vxlan invalid-udp-checksum discard 

Default 

The device does not check the UDP checksum of VXLAN packets. 

Views 

System view 

Predefined user roles 

network-admin 

Usage guidelines 

This command enables the device to check the UDP checksum of VXLAN packets.  

The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party 
devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP 
checksum is incorrect, the VXLAN packet fails the check and is dropped. 

Examples 

# Enable the device to drop the VXLAN packets that fail UDP checksum check. 

<Sysname> system-view 

[Sysname] vxlan invalid-udp-checksum discard 

Related commands 

vxlan invalid-vlan-tag discard

 

vxlan invalid-vlan-tag discard 

Use 

vxlan invalid-vlan-tag discard

 to enable the device to drop the VXLAN packets that have 

802.1Q VLAN tags in the inner Ethernet header. 

Содержание S6800 Series

Страница 1: ...H3C S6800 Switch Series VXLAN Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 24xx Document version 6W102 20151130 ...

Страница 2: ...ine SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statement...

Страница 3: ...d text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separ...

Страница 4: ...OTE An alert that contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Convention Description Represents a generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2...

Страница 5: ...ng SFP SFP QSFP transceiver modules Pluggable modules manual Describes the hot swappable modules available for the H3C switches their external views and specifications Software configuration Configuration guides Describe software features and configuration procedures Command references Provide a quick reference to all available commands Operations and maintenance MIB Companion Describes the MIBs f...

Страница 6: ...Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Страница 7: ...18 selective flooding mac address 19 service instance 19 shutdown 20 tunnel 20 tunnel bfd enable 21 tunnel global source address 22 vsi 23 vtep group member remote 24 vxlan 24 vxlan invalid udp checksum discard 25 vxlan invalid vlan tag discard 25 vxlan local mac report 26 vxlan tunnel mac learning disable 27 vxlan udp port 27 xconnect vsi 28 OVSDB commands 29 ovsdb server ca certificate 29 ovsdb ...

Страница 8: ...lood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs This feature snoops ARP packets to populate the ARP flood suppression table for local and remote MAC addresses If an ARP request has a matching entry the VTEP replies to the request on behalf of the VM If no match is found the VTEP floods the request to both local and remote sites Example...

Страница 9: ...etwork admin network operator Parameters name vsi name Specifies a VSI by its name If you do not specify a VSI this command displays entries for all VSIs slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays entries on the master device count Displays the number of ARP flood suppression entries that match the command Examples D...

Страница 10: ... group the command displays information about all multicast groups interface interface type interface number Specifies an interface by its type and number If you do not specify an interface the command displays multicast group information for all interfaces verbose Displays detailed multicast group information If you do not specify this keyword the command displays brief multicast group informatio...

Страница 11: ...multicast groups on the interface Group address Group Address of the multicast group Member state Member state Delay The interface has joined the multicast group and it has started the delay timer for sending IGMP reports Idle The interface has joined the multicast group but it has not started the delay timer for sending IGMP reports The delay timer is not user configurable Expires Remaining delay...

Страница 12: ...entries Examples Display MAC address entries for all VSIs Sysname display l2vpn mac address MAC Address State VSI Name Link ID Name Aging 0000 0000 000a Dynamic vpn1 1 Aging 0000 0000 000b Static vpn1 Tunnel10 NotAging 0000 0000 000c Dynamic vpn1 Tunnel60 Aging 0000 0000 000d Dynamic vpn1 Tunnel99 Aging 4 mac address es found Display the total number of MAC address entries in all VSIs Sysname disp...

Страница 13: ...rfaces service instance instance id Specifies an Ethernet service instance by its ID in the range of 1 to 4096 If you do not specify an Ethernet service instance the command displays information about all Ethernet service instances on the specified interface verbose Displays detailed information about Ethernet service instances If you do not specify this keyword the command displays brief informat...

Страница 14: ...d information about all Ethernet service instances on FortyGigE 1 0 3 Sysname display l2vpn service instance interface fortygige 1 0 3 verbose Interface FGE1 0 3 Service Instance 1 Encapsulation s vid 16 VSI Name vsi10 Link ID 1 State Up Statistics Enabled Input Statistics Octets 0 Packets 0 Output Statistics Octets 0 Packets 0 Service Instance 2 Encapsulation s vid 1001 only tagged VSI Name vsi11...

Страница 15: ...state Up Down Statistics Packet statistics state Enabled Packet statistics is enabled for the Ethernet service instance Disabled Packet statistics is disabled for the Ethernet service instance Input Statistics Incoming traffic statistics Octets Number of incoming bytes Packets Number of incoming packets Output Statistics Outgoing traffic statistics Octets Number of outgoing bytes Packets Number of...

Страница 16: ...dex 0 VSI State Up MTU 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain MAC Learning Enabled MAC Table Limit Drop Unknown Flooding Enabled VXLAN ID 10 Tunnels Tunnel Name Link ID State Type Flooding proxy Tunnel1 0x5000001 Up Manual Disabled Tunnel2 0x5000002 Up Manual Disabled MTunnel0 0x6002710 Up Auto Disabled ACs AC Link ID State FGE1 0 1 srv1000 0 Up Table 6 Comma...

Страница 17: ...up proxy tunnel Its tunnel interface is up but the tunnel is blocked because the primary proxy tunnel is operating correctly Defect The tunnel interface is up but the VTEP has not received BFD control packets from the remote end for 5 seconds You must check for physical link or VXLAN tunnel problems This value is available in Release 2418P01 and later versions Down The tunnel interface is down Typ...

Страница 18: ... Tunnel name Link ID State Type Flooding proxy Tunnel0 0x5000000 Up Auto Disabled Tunnel1 0x5000001 Up Manual Disabled Tunnel2 0x5000002 Up Manual Auto Disabled MTunnel0 0x6002710 Up Auto Disabled Table 7 Command output Field Description Link ID Tunnel s link ID in the VXLAN State Tunnel state Up The tunnel is operating correctly Blocked The tunnel is a backup proxy tunnel Its tunnel interface is ...

Страница 19: ...n default encapsulation tagged untagged encapsulation s vid vlan id only tagged encapsulation s vid vlan id c vid vlan id undo encapsulation Default An Ethernet service instance does not contain a frame match criterion Views Ethernet service instance view Predefined user roles network admin Parameters default Matches frames that do not match any other Ethernet service instance on the interface tag...

Страница 20: ...red by using the encapsulation s vid vlan id c vid vlan id command An Ethernet service instance can contain only one match criterion To change the match criterion you must remove the original criterion first When you remove the match criterion in an Ethernet service instance the mapping between the service instance and the VSI is removed automatically If the Ethernet service instance uses the defa...

Страница 21: ...up to restore the default Syntax group group address source source address undo group group address source source address Default A VXLAN uses unicast mode head end replication for flood traffic No multicast group address or source IP address is specified for multicast VXLAN packets Views VXLAN view Predefined user roles network admin Parameters group address Specifies a multicast address in the r...

Страница 22: ...e the IGMP host function on an interface Syntax igmp host enable undo igmp host enable Default The IGMP host function is disabled on an interface Views Interface view Predefined user roles network admin Usage guidelines For this command to take effect you must use the multicast routing command to enable IP multicast routing You must configure an interface as an IGMP host if its IP address is the s...

Страница 23: ... add a static remote MAC address entry Use undo mac address static to remove a static remote MAC address entry Syntax mac address static mac address interface tunnel tunnel number vsi vsi name undo mac address static mac address interface tunnel tunnel number vsi vsi name Default VXLAN VSIs do not have static remote MAC address entries Views System view Predefined user roles network admin Paramete...

Страница 24: ...has higher priority than the dynamic entry Examples Add the MAC address 000f e201 0101 to the VSI vsi1 and specify Tunnel interface 1 as the outgoing interface Sysname system view Sysname mac address static 000f e201 0101 interface tunnel 1 vsi vsi1 Related commands vxlan tunnel mac learning disable reserved vxlan Use reserved vxlan to specify the reserved VXLAN Use undo reserved vxlan to restore ...

Страница 25: ... display arp suppression vsi arp suppression enable reset l2vpn mac address Use reset l2vpn mac address to clear dynamic MAC address entries learned in the data plane on VSIs Syntax reset l2vpn mac address vsi vsi name Views User view Predefined user roles network admin Parameters vsi vsi name Specifies a VSI by its name a case sensitive string of 1 to 31 characters If you do not specify a VSI the...

Страница 26: ...e flooding disable command The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown unicast floods are confined to the local site Examples Enable selective flood for 000f e201 0101 on the VSI vsi1 Sysname system view Sysname vsi vsi1 Sysname vsi vsi1 selective flooding mac address 000f e201 0101 Related commands flooding disable service instance Use servic...

Страница 27: ... default Syntax shutdown undo shutdown Default VSIs are up Views VSI view Predefined user roles network admin Usage guidelines Use this command to temporarily disable a VSI to provide Layer 2 switching services The shutdown action does not change settings on the VSI You can continue to configure the VSI After you bring up the VSI again the VSI provides services based on the latest settings Example...

Страница 28: ...primary proxy tunnel to forward broadcast multicast and unknown unicast traffic Other proxy tunnels are backups and they do not forward traffic when the primary proxy tunnel is operating correctly To change a flood proxy tunnel for a VXLAN perform the following tasks Use the undo tunnel command to remove the flood proxy tunnel Use the tunnel command to enable flood proxy on another tunnel and assi...

Страница 29: ... VTEPs send BFD single hop control packets to detect the connectivity of VXLAN tunnels The VTEPs periodically send control packets to each other through the VXLAN tunnel A VTEP sets the tunnel state to Defect if it has not received control packets from the remote end for five seconds In this situation the tunnel interface state is still Up The tunnel state will change from Defect to Up if the VTEP...

Страница 30: ...ess 1 1 1 9 vsi Use vsi to create a VSI and enter VSI view Use undo vsi to delete a VSI Syntax vsi vsi name undo vsi vsi name Default No VSIs are created on the device Views System view Predefined user roles network admin Parameters vsi name Specifies a VSI name a case sensitive string of 1 to 31 characters Usage guidelines A VSI acts as a virtual switch to provide Layer 2 switching services for a...

Страница 31: ...on the device Views System view Predefined user roles network admin Parameters group ip Specifies a VXLAN VTEP group by its group IP address member ip 1 8 Specifies a space separated list of up to eight member VTEP IP addresses Examples Specify the VXLAN VTEP group 1 1 1 1 and its member VTEPs at 2 2 2 2 3 3 3 3 and 4 4 4 4 Sysname system view Sysname vtep group 1 1 1 1 member remote 2 2 2 2 3 3 3...

Страница 32: ...m discard Default The device does not check the UDP checksum of VXLAN packets Views System view Predefined user roles network admin Usage guidelines This command enables the device to check the UDP checksum of VXLAN packets The device always sets the UDP checksum of VXLAN packets to 0 For compatibility with third party devices a VXLAN packet can pass the check if its UDP checksum is 0 or correct I...

Страница 33: ...on the local VTEP To configure the access mode of an Ethernet service instance use the xconnect vsi command Examples Enable the device to drop VXLAN packets that have 802 1Q VLAN tags Sysname system view Sysname vxlan invalid vlan tag discard Related commands vxlan invalid udp checksum discard xconnect vsi vxlan local mac report Use vxlan local mac report to enable VXLAN local MAC change logging U...

Страница 34: ...ac learning disable undo vxlan tunnel mac learning disable Default Remote MAC address learning is enabled Views System view Predefined user roles network admin Usage guidelines When network attacks occur use this command to prevent the device from learning incorrect remote MAC addresses in the data plane Examples Disable remote MAC address learning Sysname system view Sysname vxlan tunnel mac lear...

Страница 35: ...arameters vsi name Specifies the VSI name a case sensitive string of 1 to 31 characters access mode Specifies an access mode By default the access mode is VLAN ethernet Specifies the Ethernet access mode vlan Specifies the VLAN access mode Usage guidelines To configure this command you must first use the encapsulation command to add a frame match criterion to the Ethernet service instance For traf...

Страница 36: ...s If the Ethernet service instance uses the default tagged or untagged frame match criterion the access mode set by this command does not take effect The mapped VSI uses Ethernet access mode to process traffic Examples On FortyGigE 1 0 1 configure Ethernet service instance 200 to match frames with an outer 802 1Q VLAN tag of 200 and map the instance to the VSI vpn1 Sysname system view Sysname vsi ...

Страница 37: ...chd cacert bootstrap ovsdb server certificate Use ovsdb server certificate to specify a certificate file for SSL Use undo ovsdb server certificate to remove the certificate file setting for SSL Syntax ovsdb server certificate cert filename undo ovsdb server certificate Default No certificate file is specified Views System view Predefined user roles network admin Parameters cert filename Specifies ...

Страница 38: ...to specify a key file for SSL Use undo ovsdb private key to remove the key file setting for SSL Syntax ovsdb server private key key filename undo ovsdb server private key Default No key file is specified Views System view Predefined user roles network admin Parameters key filename Specifies the key file name a case insensitive string The file name cannot contain the slot string Usage guidelines Yo...

Страница 39: ...device can listen for OVSDB SSL connection requests on only one port If you execute this command multiple times the most recent configuration takes effect Before you use this command specify a key file certificate file and CA certificate file for SSL This command takes effect after you execute the ovsdb server enable command Examples Enable the device to listen for OVSDB SSL connection requests on...

Страница 40: ...x ovsdb server ssl ipv4 address port port number undo ovsdb server ssl ipv4 address port port number Default The device does not have active SSL connections Views System view Predefined user roles network admin Parameters ssl ipv4 address Specifies the destination IPv4 address for the SSL connection port port number Specifies the destination port for the SSL connection The value range for the port...

Страница 41: ...OVSDB TCP connections This command takes effect after you execute the ovsdb server enable command Examples Establish an active OVSDB TCP connection to port 6632 at 10 0 2 15 Sysname system view Sysname ovsdb server tcp 10 0 2 15 port 6632 vtep access port Use vtep access port to specify a site facing interface as a VTEP access port Use undo vtep access port to restore the default Syntax vtep acces...

Страница 42: ...vxlan tunnel service node Use vxlan tunnel service node to enable flood proxy on multicast VXLAN tunnels Use undo vxlan tunnel service node to disable flood proxy on multicast VXLAN tunnels Syntax vxlan tunnel service node undo vxlan tunnel service node Default Flood proxy is disabled on multicast VXLAN tunnels Views System view Predefined user roles network admin Usage guidelines You must enable ...

Страница 43: ...36 Examples Enable flood proxy on all multicast VXLAN tunnels Sysname system view Sysname vxlan tunnel service node ...

Страница 44: ...vsdb server enable 30 ovsdb server private key 31 ovsdb server pssl 32 ovsdb server ptcp 32 ovsdb server ssl 33 ovsdb server tcp 33 R reserved vxlan 17 reset arp suppression vsi 18 reset l2vpn mac address 18 S selective flooding mac address 19 service instance 19 shutdown 20 T tunnel 20 tunnel bfd enable 21 tunnel global source address 22 V vsi 23 vtep access port 34 vtep enable 35 vtep group memb...

Отзывы: