Configuring Deployment Mode for VXLAN Access Service

Context

When configuring VXLAN on a device, you need to select a deployment mode for the VXLAN access service on the downlink interface.

At the access side, two methods are available for deploying VXLAN services:
  • Based on VLAN: You can associate one or more VLANs with a BD to add users in these VLANs to the BD. This VLAN-based mode provides coarser-grained control but is easy to configure. It applies to VXLAN deployment on a live network.

  • Based on encapsulation mode: The device sends packets of different encapsulation modes to different Layer 2 sub-interfaces based on the VLAN tags contained in the packets. You can bind a Layer 2 sub-interface to a BD to add specified users to the BD. This mode implements refined and flexible control but requires more complex configuration. It applies to VXLAN deployment on a new network.

When NAC authentication is configured on the access-side main interface, VXLAN Layer 2 sub-interfaces cannot be created on the main interface to connect to the VXLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run set vxlan resource super-mode

    The super VXLAN resource mode is set.

    Only the S6730-S, S6730S-S, S5732-H, S5731-S, S5731S-S, S5731S-H, S6730-H, S6730S-H, S5731-H, S5730-HI, S6720-HI, and S5720-HI support this command.

    By default, the preceding devices support 4095 BDs. These devices support 16000 BDs after the super VXLAN resource mode is set.

    • After setting the super VXLAN resource mode, save the configuration and then restart the device to make the configuration take effect.

    • When the super VXLAN resource mode is configured, the forwarding performance of some services may degrade, such as the IP multicast, VPLS, VLAN mapping, Layer 3 traffic forwarding of sub-interfaces, and VLAN stacking services.

  3. Run bridge-domain bd-id

    A BD is created and the BD view is displayed.

    By default, no BD is created.

  4. (Optional) Run description description

    The description is configured for the BD.

    By default, no description is configured for a BD.

  5. Run quit

    Exit from the BD view and return to the system view.

  6. (Optional) Specify an interface as a VXLAN access-side interface.

    Only the S6720-EI and S6720S-EI switches support this configuration.

    1. Run interface interface-type interface-number

      The interface view is displayed.

    2. Run port nvo3 mode access

      The interface is specified as a VXLAN access-side interface.

      By default, an interface that is not specified as a VXLAN access-side interface cannot forward to the VXLAN network common IP packets that carry VXLAN packets and have the destination UDP port number 4789.

    3. Run quit

      Return to the system view.

  7. Configure a service access point.

    • Based on VLAN:
      1. Run vlan vlan-id

        A VLAN is created and the VLAN view is displayed.

      2. Run quit

        Exit from the VLAN view and return to the system view.

      3. Run bridge-domain bd-id

        The view of an existing BD is displayed.

      4. Run l2 binding vlan vlan-id

        A VLAN is associated with the BD so that data packets can be forwarded in the BD.

        By default, a VLAN is not associated with a BD.

        • One VLAN can be associated with only one BD, but one BD can be associated with multiple VLANs.

        • After a global VLAN is associated with a BD, you need to add corresponding interfaces to the VLAN.

        • If a VLAN is configured as a voice VLAN on the S6720-EI and S6720S-EI, the VLAN cannot be associated with a BD.

        • In NAC authentication scenarios, if there are online users in a VLAN, running the undo l2 binding vlan command to unbind the VLAN from a BD makes the users go offline.
        • If a VLAN is an ISP VLAN authorized to users and users exist in the VLAN on the device, the VLAN cannot be associated with a BD.
        • If a VLAN is used as the management VLAN of a Fit AP, it is not recommended that the VLAN be associated with a BD.
    • Based on encapsulation mode:
      1. Run interface interface-type interface-number

        The view of the Ethernet interface to be created as a Layer 2 sub-interface is displayed.

      2. Run port link-type { trunk | hybrid }

        The Ethernet interface is configured as a trunk or hybrid interface.

      3. Run quit

        Return to the system view.

      4. Run interface interface-type interface-number.subnum mode l2

        A Layer 2 sub-interface is created, and the sub-interface view is displayed.

      5. Run rewrite pop { single | double | none }

        The device is configured to remove VLAN tags from packets received by the Layer 2 sub-interface.

        By default, the device removes two VLAN tags from packets received by Layer 2 sub-interfaces that use QinQ encapsulation, and removes one VLAN tag from packets received by Layer 2 sub-interfaces that use Dot1q encapsulation.

        • The rewrite pop single command can be configured only on Layer 2 sub-interfaces that use Dot1q encapsulation, and no VLAN segment can be configured for these sub-interfaces.
        • The rewrite pop double command can be configured only on Layer 2 sub-interfaces that use QinQ encapsulation, and no VLAN segment can be configured for these sub-interfaces.
        • The rewrite pop none command can be configured only on Layer 2 sub-interfaces that use Dot1q or QinQ encapsulation.
      6. Run encapsulation { dot1q vid low-pe-vid [ to high-pe-vid ] | default | untag | qinq vid low-vlan-vid [ to high-vlan-vid ] ce-vid low-ce-vid [ to high-ce-vid ] }

        An encapsulation mode is configured for a Layer 2 sub-interface to specify the type of packets that can pass through the sub-interface.

        By default, the encapsulation mode of packets allowed to pass a Layer 2 sub-interface is not configured.

        When configuring an encapsulation mode on a Layer 2 sub-interface, pay attention to the following points:

        • The VLAN ID in dot1q mode or outer VLAN ID in qinq mode cannot be the same as the allowed VLAN of the corresponding main interface or the global VLAN.

        • On the same main interface, the VLAN ID in dot1q mode and the outer VLAN ID in qinq mode must be different.

        • After NAC authentication is configured on the main interface, the traffic encapsulation type on a Layer 2 sub-interface cannot be set to default.

        • When the encapsulation mode of a Layer 2 sub-interface is default, the corresponding main interface cannot be added to any VLAN, including VLAN 1.

        • Before the encapsulation mode of a Layer 2 sub-interface is set to default, ensure that the main interface has only one sub-interface.

        • After the encapsulation mode of a Layer 2 sub-interface is set to default, no other sub-interface can be created on the main interface.

        • When the encapsulation mode of a Layer 2 sub-interface is set to untag, the corresponding main interface cannot be added to VLAN 1, and other sub-interfaces of the main interface cannot be set to untag.

        • You can configure only one encapsulation mode for each Layer 2 sub-interface. If an encapsulation mode has been configured for a Layer 2 sub-interface, run the undo encapsulation command to delete the original mode before you configure another mode.

        • Before configuring a VLAN segment on a Dot1q or QinQ Layer 2 sub-interface, you must run the rewrite pop none command.
      7. Run bridge-domain bd-id

        A specified Layer 2 sub-interface is associated with a BD so that data packets can be forwarded in the BD.

        By default, a Layer 2 sub-interface is not associated with a BD.
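
The encapsulation and rewrite pop constraints listed in step 7 can be checked against a planned configuration before it is applied. The following Python check is an added example, not Huawei code; the dictionary layout, field names, interface names and VLAN IDs are assumptions made for illustration. It covers the Dot1q/QinQ, default and untag rules for one main interface.

```python
# Added example (hypothetical data model, not a Huawei API): lint the planned
# Layer 2 sub-interfaces of one main interface against this page's constraints.
def check_main_interface(main):
    """Return a list of rule violations for one main interface (a dict)."""
    errors, subs = [], main["subs"]
    vlans = set(main.get("vlans", ()))           # VLANs allowed on the main interface
    reserved = vlans | set(main.get("global_vlans", ()))
    seen = {"dot1q": {}, "qinq": {}}             # encap -> {outer VID: sub name}
    untag_count = 0
    for s in subs:
        name, encap, pop = s["name"], s["encap"], s.get("pop")
        if encap in seen:                        # dot1q or qinq
            low, high = s["vid"]                 # dot1q VID or QinQ outer VID range
            other = "qinq" if encap == "dot1q" else "dot1q"
            if pop is None:                      # device default: pop 1 or 2 tags
                pop = "single" if encap == "dot1q" else "double"
            if low != high and pop != "none":
                errors.append(f"{name}: VLAN segment requires rewrite pop none")
            if (pop, encap) in (("single", "qinq"), ("double", "dot1q")):
                errors.append(f"{name}: rewrite pop {pop} is invalid for {encap}")
            for vid in range(low, high + 1):
                if vid in reserved:
                    errors.append(f"{name}: VID {vid} is an allowed or global VLAN")
                if vid in seen[other]:
                    errors.append(f"{name}: VID {vid} clashes with {seen[other][vid]}")
                seen[encap][vid] = name
        elif encap == "default":
            if main.get("nac"):
                errors.append(f"{name}: default is not allowed with NAC")
            if vlans:
                errors.append(f"{name}: main interface must not be in any VLAN")
            if len(subs) > 1:
                errors.append(f"{name}: default must be the only sub-interface")
        elif encap == "untag":
            untag_count += 1
            if 1 in vlans:
                errors.append(f"{name}: main interface must not be in VLAN 1")
            if untag_count > 1:
                errors.append(f"{name}: only one untag sub-interface allowed")
    return errors

# Constructed sample plan: interface names and VLAN IDs are made up.
PLAN = {"vlans": {1, 10}, "global_vlans": {10, 30}, "nac": False, "subs": [
    {"name": "GE0/0/1.1", "encap": "dot1q", "vid": (20, 20), "pop": "single"},
    {"name": "GE0/0/1.2", "encap": "qinq", "vid": (20, 20), "pop": "double"},
    {"name": "GE0/0/1.3", "encap": "dot1q", "vid": (30, 35)},
    {"name": "GE0/0/1.4", "encap": "untag"},
]}
print("\n".join(check_main_interface(PLAN)))
```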

Copyright © Huawei Technologies Co., Ltd.