Configuring a VXLAN Tunnel

Context

When configuring VXLAN on a device, you need to configure related information for VXLAN tunnel establishment on an uplink interface.

A VXLAN tunnel is established based on the IP addresses of two VXLAN Tunnel Endpoints (VTEPs). Therefore, you need to configure the source VTEP IP address and destination VTEP IP address on the devices on both ends of a tunnel.

Take VTEP1 in Figure 1 as an example. The following describes the configurations required for establishment of a VXLAN tunnel:

Source VTEP IP address: source IP address in a VXLAN packet, that is, IP address of GE0/0/1 on VTEP1
Destination VTEP IP address: destination IP address in a VXLAN packet, that is, IP address of GE0/0/1 on VTEP2

Figure 1 VXLAN tunnel establishment

You need to run the vni head-end peer-list command to configure the corresponding VTEP address even if the source VTEP matches only one destination VTEP.
Run the ping command to check whether a reachable route exists between two ends of the tunnel. If there is a reachable route, the tunnel can be established and packets can be normally forwarded. If the two devices have a route to each other but the route is unreachable, the tunnel can still go Up but packets cannot be forwarded.
If a switch uses static routes to forward traffic at the tunnel side, you are advised to configure BFD for static routes. Routes then can be deleted promptly when a link failure occurs. This configuration prevents VXLAN packet loss that occurs because routes are unreachable but the tunnel is still Up.

Procedure

Run system-view
The system view is displayed.
Run bridge-domain bd-id
The BD view is displayed.
Run vxlan vni vni-id
A VNI is configured for the BD.

By default, no VNI is associated with a BD.
Run quit
Exit from the BD view and return to the system view.
Run interface nve nve-number
An NVE interface is created, and the NVE interface view is displayed.
Run source ip-address
An IP address is configured for the source VTEP.

By default, no IP address is configured for a source VTEP.
Run vni vni-id head-end peer-list ip-address &<1-10>
An ingress replication list is configured.

By default, no ingress replication list is configured for any VNI.

After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets to.

BUM packet forwarding is implemented only using ingress replication. To establish a VXLAN tunnel between a Huawei device and a non-Huawei device, ensure that the non-Huawei device also has ingress replication configured. Otherwise, communication fails.
Run quit
Exit from the NVE interface view and return to the system view.
(Optional) Run vxlan tunnel-status track exact-route
Subscription to the status of the exact route to a VXLAN tunnel destination is enabled.

By default, subscription to the status of the exact route to a VXLAN tunnel destination is disabled.

By default, if the source IP address of a VXLAN tunnel is reachable using an exact and the network segment where the destination IP address belongs is reachable using a route, this VXLAN tunnel is considered Up. In real-world networking, there may be multiple destination addresses on the same network segment. If the network segment is considered reachable because one of the destination addresses is reachable, the tunnel status is reported incorrectly when an IP address on this network segment becomes unreachable. As a result, network faults cannot be discovered in a timely manner. To address this issue, run the vxlan tunnel-status track exact-route command to enable subscription to the status of the exact route to a VXLAN tunnel destination. Subsequently, the VXLAN tunnel is considered Up only when the destination VTEP is reachable using an exact route.