H3C S5560X-EI Series, Configuration Manual

Page 1: ...H3C S5560X EI Switch Series VXLAN Configuration Guide New H3C Technologies Co Ltd http www h3c com hk Software version Release 1110 series Document version 6W102 20171207...

Page 2: ...SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of New H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners...

Page 3: ...ces keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional synta...

Page 4: ...generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a...

Page 5: ...cumentation To access the most up to date H3C product documentation go to the H3C website at http www h3c com hk To obtain information about installation configuration and maintenance click http www h...

Page 6: ...the local site 13 Setting the destination UDP port number of VXLAN packets 14 Enabling ARP flood suppression 14 Disabling remote ARP learning for VXLANs 14 Displaying and maintaining VXLANs 15 Unicast...

Page 7: ...er site Layer 2 frames into VXLAN packets and forwards the packets to the destination along the Layer 3 forwarding paths provided by the underlay network The underlay network is transparent to tenants...

Page 8: ...the frame It is also called the virtual network identifier VNI 8 byte outer UDP header for VXLAN The default VXLAN destination UDP port number is 4789 20 byte outer IP header Valid addresses of VTEPs...

Page 9: ...a list of VLANs on a Layer 2 Ethernet interface by using a frame match criterion The frame match criterion specifies the characteristics of traffic from the VLANs such as tagging status and VLAN IDs...

Page 10: ...iguring VXLAN IP gateways A VTEP uses the following processes to forward traffic at Layer 2 Unicast process Applies to destination known unicast traffic Flood process Applies to multicast broadcast an...

Page 11: ...en sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN See Figure 5 Each destination VTEP floods the inner Ethernet frame to all the site facing interfaces in the VXLAN T...

Page 12: ...RP flood suppression table with local and remote MAC addresses If an ARP request has a matching entry the VTEP replies to the request on behalf of the user terminal If no match is found the VTEP flood...

Page 13: ...n the MAC address of Terminal 1 10 VTEP 3 creates a suppression entry for Terminal 10 and replies to the ARP request VXLAN IP gateways A VXLAN IP gateway provides Layer 3 forwarding services for user...

Page 14: ...tunnel has only one route in the underlay network VXLAN configuration task list Tasks at a glance Remarks Required Setting the forwarding mode for VXLANs N A Required Creating a VXLAN on a VSI N A Req...

Page 15: ...3 Create a VSI and enter VSI view vsi vsi name By default no VSIs exist 4 Optional Configure a VSI description description text By default a VSI does not have a description 5 Enable the VSI undo shutd...

Page 16: ...ess is specified for a tunnel Specify the remote VTEP s IP address This IP address will be the destination IP address in the outer IP header of tunneled VXLAN packets As a best practice do not configu...

Page 17: ...rvice instance to a VSI xconnect vsi vsi name access mode vlan By default an Ethernet service instance is not mapped to any VSI Mapping dynamic Ethernet service instances to VSIs About dynamic Etherne...

Page 18: ...emote MAC address entries Do not configure static remote MAC entries for VXLAN tunnels that are automatically established by using EVPN EVPN re establishes VXLAN tunnels if the transport facing interf...

Page 19: ...nge logging Step Command Remarks 1 Enter system view system view N A 2 Enable local MAC change logging vxlan local mac report By default local MAC change logging is disabled Confining floods to the lo...

Page 20: ...he table If the flooding disable command is configured set the MAC aging timer to a higher value than the aging timer for ARP flood suppression entries on all VTEPs This setting prevents the traffic b...

Page 21: ...interface type interface number service instance instance id verbose Display information about VSIs display l2vpn vsi name vsi name verbose Display information about tunnel interfaces display interfa...

Page 22: ...y 2 Configure IP addresses and unicast routing settings Assign IP addresses to interfaces as shown in Figure 7 Details not shown Configure OSPF on all transport network switches Switches A through D D...

Page 23: ...nk SwitchA GigabitEthernet1 0 1 port trunk permit vlan 2 SwitchA GigabitEthernet1 0 1 service instance 1000 SwitchA GigabitEthernet1 0 1 srv1000 encapsulation s vid 2 Map Ethernet service instance 100...

Page 24: ...2 Map Ethernet service instance 1000 to VSI vpna SwitchB GigabitEthernet1 0 1 srv1000 xconnect vsi vpna SwitchB GigabitEthernet1 0 1 srv1000 quit SwitchB GigabitEthernet1 0 1 quit 5 Configure Switch C...

Page 25: ...vsi vpna SwitchC GigabitEthernet1 0 1 srv1000 quit SwitchC GigabitEthernet1 0 1 quit Verifying the configuration 1 Verify the VXLAN settings on the VTEPs This example uses Switch A Verify that the VX...

Page 26: ...l2 0x5000002 Up Manual Disabled ACs AC Link ID State Type GE1 0 1 srv1000 0 Up Manual Verify that the VTEP has learned the MAC addresses of remote user terminals SwitchA display l2vpn mac address MAC...

Page 27: ...ributed VXLAN IP gateway deployment Deploy one VXLAN IP gateway on each VTEP to provide Layer 3 forwarding for VXLANs at their respective sites This design distributes the Layer 3 traffic load across...

Page 28: ...VXLAN IP gateway placement design As shown in Figure 10 the network uses the following process to forward Layer 3 traffic from the user terminal at 10 1 1 11 to the Layer 3 network 1 The user termina...

Page 29: ...Distributed VXLAN IP gateway deployment As shown in Figure 11 each site s VTEP acts as a gateway to perform Layer 3 forwarding for the VXLANs of the local site A VTEP acts as a border gateway to the L...

Page 30: ...3 network VXLAN tunnel VXLAN tunnel Terminal Site 2 Terminal Site 3 Terminal Site 4 Terminal Site 5 Terminal Site 6 VTEP Distributed VXLAN IP gateway VTEP Distributed VXLAN IP gateway VTEP Border gate...

Page 31: ...7 GW 1 de encapsulates the ARP request and creates an ARP entry for Terminal 4 The entry contains Terminal 4 s IP address 10 1 1 12 the MAC address of VSI interface 10 on GW 2 and the incoming tunnel...

Page 32: ...cket is 10 1 1 2 the border gateway b Floods an ARP request to the local and remote sites in VXLAN 10 to obtain the MAC address of 10 1 1 2 5 The border gateway de encapsulates the ARP request creates...

Page 33: ...next hop Configuration procedure Step Command Remarks 1 Enter system view system view N A 2 Create a VSI interface and enter VSI interface view interface vsi interface vsi interface id By default no V...

Page 34: ...uted VXLAN IP gateways each gateway learns ND information independently A gateway does not forward ND packets destined for it to other gateways For distributed VXLAN IP gateways to have the same ND en...

Page 35: ...ration examples Centralized VXLAN IP gateway configuration example Network requirements As shown in Figure 13 Configure VXLAN 10 as a unicast mode VXLAN on Switch A Switch B and Switch C to provide co...

Page 36: ...em view SwitchA l2vpn enable Enable Layer 2 forwarding for VXLANs SwitchA undo vxlan ip forwarding Create VSI vpna and VXLAN 10 SwitchA vsi vpna SwitchA vsi vpna vxlan 10 SwitchA vsi vpna vxlan 10 qui...

Page 37: ...ed as the source IP address of the VXLAN tunnels to Switch A and Switch C SwitchB interface loopback 0 SwitchB Loopback0 ip address 2 2 2 2 255 255 255 255 SwitchB Loopback0 quit Create a VXLAN tunnel...

Page 38: ...ce 3 3 3 3 SwitchC Tunnel1 destination 1 1 1 1 SwitchC Tunnel1 quit Create a VXLAN tunnel to Switch B The tunnel interface name is Tunnel 3 SwitchC interface tunnel 3 mode vxlan SwitchC Tunnel3 source...

Page 39: ...vsi interface 1 Vsi interface1 Current state UP Line protocol state UP Description Vsi interface1 Interface Bandwidth 1000000 kbps Maximum transmission unit 1500 Internet address 10 1 1 1 24 primary...

Page 40: ...Blackhole D Dynamic S Static R Relay F FRR Destination Mask Nexthop Flag OutInterface Token Label 10 1 1 11 32 10 1 1 11 UH Vsi1 Null 2 Verify that the user terminals can access the WAN Verify that Te...

Page 41: ...14 Details not shown Configure OSPF on all transport network switches Switches A through D Details not shown Configure OSPF to advertise routes to networks 10 1 1 0 24 20 1 1 0 24 and 25 1 1 0 24 on...

Page 42: ...witchA vsi vpna vxlan 10 SwitchA vsi vpna vxlan 10 tunnel 1 SwitchA vsi vpna vxlan 10 tunnel 2 SwitchA vsi vpna vxlan 10 quit SwitchA vsi vpna quit Assign Tunnel 1 and Tunnel 2 to VXLAN 30 SwitchA vsi...

Page 43: ...p distributed gateway dynamic entry synchronize Specify VSI interface 1 as the gateway interface for VSI vpna SwitchA vsi vpna SwitchA vsi vpna gateway vsi interface 1 SwitchA vsi vpna quit Specify VS...

Page 44: ...rface 1 and assign the interface an IP address SwitchB interface vsi interface 1 SwitchB Vsi interface1 ip address 10 1 1 2 255 255 255 0 SwitchB Vsi interface1 quit Create VSI interface 2 and assign...

Page 45: ...na vxlan 10 tunnel 3 SwitchC vsi vpna vxlan 10 quit SwitchC vsi vpna quit Assign Tunnel 1 and Tunnel 3 to VXLAN 30 SwitchC vsi vpnb SwitchC vsi vpnb vxlan 30 SwitchC vsi vpnb vxlan 30 tunnel 1 SwitchC...

Page 46: ...local SwitchC Vsi interface2 local proxy arp enable SwitchC Vsi interface2 quit Specify VSI interface 2 as the gateway interface for VSI vpnb SwitchC vsi vpnb SwitchC vsi vpna gateway vsi interface 2...

Page 47: ...se VSI Name vpna VSI Index 0 VSI State Up MTU 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain MAC Learning Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding...

Page 48: ...Interface Bandwidth 1000000 kbps Maximum transmission unit 1500 Internet address 10 1 1 2 24 primary IP packet frame type Ethernet II hardware address 0011 2200 0102 IPv6 packet frame type Ethernet I...

Page 49: ...UH Vsi1 Null SwitchB display fib 20 1 1 12 Destination count 1 FIB entry count 1 Flag U Useable G Gateway H Host B Blackhole D Dynamic S Static R Relay F FRR Destination Mask Nexthop Flag OutInterfac...

Page 50: ...ill reboot the device Continue Y N y 2 On Terminal 1 and Terminal 2 specify 1 1 and 4 1 as the gateway address respectively Details not shown 3 Configure IP addresses and unicast routing settings Assi...

Page 51: ...1 SwitchA vsi vpna vxlan 10 tunnel 2 SwitchA vsi vpna vxlan 10 quit SwitchA vsi vpna quit Assign Tunnel 1 and Tunnel 2 to VXLAN 20 SwitchA vsi vpnb SwitchA vsi vpnb vxlan 20 SwitchA vsi vpnb vxlan 20...

Page 52: ...tchA Vsi interface2 quit Specify VSI interface 2 as the gateway interface for VSI vpnb SwitchA vsi vpnb SwitchA vsi vpnb gateway vsi interface 2 SwitchA vsi vpnb quit Configure an IPv6 static route Se...

Page 53: ...nterface an IPv6 address SwitchB interface vsi interface 1 SwitchB Vsi interface1 ipv6 address 1 2 64 SwitchB Vsi interface1 quit Create VSI interface 2 and assign the interface an IPv6 address Switch...

Page 54: ...LAN 20 SwitchC vsi vpnb SwitchC vsi vpnb vxlan 20 SwitchC vsi vpnb vxlan 20 tunnel 1 SwitchC vsi vpnb vxlan 20 tunnel 3 SwitchC vsi vpnb vxlan 20 quit SwitchC vsi vpnb quit On GigabitEthernet 1 0 1 cr...

Page 55: ...C vsi vpnb quit Configure an IPv6 static route Set the destination address to 3 64 and the next hop to 4 2 SwitchC ipv6 route static 3 64 4 2 Verifying the configuration 1 Verify the distributed VXLAN...

Page 56: ...ateway interfaces for the VSIs SwitchA display l2vpn vsi verbose VSI Name vpna VSI Index 0 VSI State Up MTU 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain MAC Learning E...

Page 57: ...ntry count 1 Flag U Useable G Gateway H Host B Blackhole D Dynamic S Static R Relay F FRR Destination 4 400 Prefix length 128 Nexthop 4 400 Flags UH Time stamp 0x2c Label Null Interface Vsi2 Token Inv...

Page 58: ...sec Input 0 packets 0 bytes 0 drops Output 0 packets 0 bytes 0 drops Verify that the VXLAN tunnels have been assigned to the VXLANs and the VSI interfaces are the gateway interfaces for the VSIs Swit...

Page 59: ...amic S Static R Relay F FRR Destination 1 100 Prefix length 128 Nexthop 1 100 Flags UH Time stamp 0x21 Label Null Interface Vsi1 Token Invalid SwitchB display ipv6 fib 4 400 Destination count 1 FIB en...

Page 60: ...odel 1 VXLAN overview 1 VXLAN static Ethernet service instance VSI mapping 11 F flooding VXLAN ARP flood suppression 6 14 VXLAN local flood confine 13 VXLAN traffic forwarding flood process 4 5 format...

Page 61: ...rview 1 maintaining VXLAN 15 VXLAN IP gateway 29 managing VXLAN MAC address entries 12 manual VXLAN tunnel configuration 9 mapping VXLAN AC VSI 10 VXLAN dynamic Ethernet service instance VSI 11 VXLAN...

Page 62: ...ket destination UDP port 14 protocols and standards VXLAN 7 proxying VXLAN traffic forwarding flood proxy mode 5 R remote VXLAN remote MAC address learning 12 VXLAN static MAC address entry 12 restric...

Page 63: ...lized 22 IP gateway distributed 23 IP gateway separated from VTEP 21 IP gateway configuration 21 29 IP gateway configuration centralized 26 29 IP gateway configuration distributed 27 IP gateway config...