OS6560 AOS 8.7.R01 Data Center Switching Guide
OS6560 AOS 8.7.R01 Data Center Switching Guide
OS6560 AOS 8.7.R01 Data Center Switching Guide
A
July 2020
8.7R1
This user guide covers multiple OmniSwitch product lines and describes overall AOS feature
configuration information. For platform specific feature support, please refer to the Specifications
Guide and the Release Notes.
www.al-enterprise.com
The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE. To view other
trademarks used by affiliated companies of ALE Holding, visit: www.al-enterprise.com/en/legal/trade-
marks-copyright. All other trademarks are the property of their respective owners. The information
presented is subject to change without notice. Neither ALE Holding nor any of its affiliates assumes any
responsibility for inaccuracies contained herein.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 iii
Contents
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 viii
About This Guide
This OmniSwitch AOS Release 8 Data Center Switching Guide describes how to set up and monitor
supported protocols and software features that comprise the Alcatel-Lucent Enterprise data center
switching architecture. Some of the features described in this guide are purchased as an add-on package to
the base switch software.
Supported Platforms
The information in this guide applies only to the OmniSwitch 6900 Series.
• Universal Network Profile (UNP), specifically for configuring Virtual Network Profiles (vNP) to
manage virtual machines within and between data centers.
• Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) snooping to ensure the security of an
FCoE network.
• FCoE/FC gateway functionality to converge FC over Ethernet and FC-to-FC over Ethernet through an
OmniSwitch gateway.
• Virtual eXtensible Local Area Network (VXLAN) to transparently extend Layer 2 networks over a
Layer 3 infrastructure.
• VXLAN Snooping to detect and identify VXLAN traffic on the network.
Documentation Roadmap
The OmniSwitch user documentation suite was designed to supply you with information at several critical
junctures of the configuration process.The following section outlines a roadmap of the manuals that will
help you at each stage of the configuration process. Under each stage, we point you to the manual or
manuals that will be most helpful to you.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 xii
About This Guide Documentation Roadmap
Anytime
The OmniSwitch AOS Release 8 CLI Reference Guide contains comprehensive information on all CLI
commands supported by the switch. This guide includes syntax, default, usage, example, related CLI
command, and CLI-to-MIB variable mapping information for all CLI commands supported by the switch.
This guide can be consulted anytime during the configuration process to find detailed and specific
information on each CLI command.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 xiii
About This Guide Related Documentation
Related Documentation
The following are the titles and descriptions of all the related OmniSwitch user manuals:
• OmniSwitch 6900 Hardware Users Guides
Describes the hardware and software procedures for getting an OmniSwitch up and running as well as
complete technical specifications and procedures for all OmniSwitch chassis, power supplies, fans, and
Network Interface (NI) modules.
• OmniSwitch AOS Release 8 CLI Reference Guide
Complete reference to all CLI commands supported on the OmniSwitch. Includes syntax definitions,
default values, examples, usage guidelines and CLI-to-MIB variable mappings.
• OmniSwitch AOS Release 8 Switch Management Guide
Includes procedures for readying an individual switch for integration into a network. Topics include
the software directory architecture, image rollback protections, authenticated switch access, managing
switch files, system configuration, using SNMP, and using web management software (WebView).
• OmniSwitch AOS Release 8 Network Configuration Guide
Includes network configuration procedures and descriptive information on all the major software
features and protocols included in the base software package. Chapters cover Layer 2 information
(Ethernet and VLAN configuration), Layer 3 information (routing protocols, such as RIP and IPv6),
security options (Access Guardian), Quality of Service (QoS), link aggregation, and server load
balancing.
• OmniSwitch AOS Release 8 Advanced Routing Configuration Guide
Includes network configuration procedures and descriptive information on all the software features and
protocols included in the advanced routing software package. Chapters cover multicast routing
(DVMRP and PIM-SM), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).
• OmniSwitch AOS Release 8 Data Center Switching Guide
Includes an introduction to the OmniSwitch data center switching architecture as well as network
configuration procedures and descriptive information on all the software features and protocols that
support this architecture. Chapters cover, Data Center Bridging (DCB) protocols, Virtual Network
Profile (vNP), and FCoE/FC gateway functionality.
• OmniSwitch AOS Release 8 Transceivers Guide
Includes SFP and XFP transceiver specifications and product compatibility information.
• OmniSwitch AOS Release 8 Specifications Guide
Includes Specifications table information for the features documented in the Switch Management
Guide, Network Configuration Guide, Advanced Routing Guide, and Data Center Switching Guide.
• Technical Tips, Field Notices
Includes critical Open Problem Reports, feature exceptions, and other important information on the
features supported in the current release and any limitations to their support.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 xiv
About This Guide Technical Support
Technical Support
An Alcatel-Lucent Enterprise service agreement brings your company the assurance of 7x24 no-excuses
technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel-
Lucent Enterprise product’s features and functionality and on-site hardware replacement through our
global network of highly qualified service delivery partners.
With 24-hour access to Alcatel-Lucent Enterprise’s Service and Support web page, you’ll be able to view
and update any case (open or closed) that you have reported to Alcatel-Lucent Enterprise’s technical
support, open a new case or access helpful release notes, technical bulletins, and manuals.
Access additional information on Alcatel-Lucent Enterprise’s Service Programs:
Web: businessportal2.alcatel-lucent.com
Phone: 1-800-995-2696
Email: ebg_global_supportcenter@al-enterprise.com
Alcatel-Lucent Enterprise helps enterprises address the challenges and ongoing transformation of data
center networks while delivering a high-quality user experience for new real-time applications, greater
agility in deploying new applications, seamless integration of public cloud services, and reduced data
center costs. To deliver on these capabilities, Alcatel-Lucent Enterprise provides a unique blueprint for
data center switching that brings together three core innovations:
• OmniSwitch Pod. A unique architecture concept for top-of-rack switches that can provide server-to-
server connectivity without the need for a core switch to carry traffic. The pod is a highly dense
architecture that ensures low latency and high performance between servers connected to the same pod.
• Data Center Mesh. The mesh consists of pods connected to each other and to core switches to bring
together thousands of server-facing ports with low aggregate end-to-end latency. Implementing the data
center mesh architecture allows enterprises to create virtual data centers supporting defined
workgroups or departments.
• Virtual Network Profile (vNP). A type of Universal Network Profile (UNP) that the administrator
configures specifically for virtual machine classification. A virtual machine is bound to a vNP to
ensure consistent application of network access controls and QoS policies when a virtual machine is
initially detected or moves to a different network location.
In This Chapter
This chapter contains an overview of the OmniSwitch components and features of the Alcatel-Lucent
Enterprise Data Center Switching solution. It provides a general example for configuring the related data
center software applications through the Command Line Interface (CLI). CLI commands are used in the
configuration examples; for more details about the syntax of commands, see the OmniSwitch AOS Release
8 CLI Reference Guide.
The following topics are included in this chapter:
• “Data Center Switching Components” on page 1-2.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-1
Understanding Data Center Switching Data Center Switching Components
OmniSwitch Pod
The OmniSwitch pod is an architecture concept for top-of-rack switches that provides server-to-server
(east-west and north-south) connectivity without the need for a core switch to carry traffic. The pod is a
highly dense architecture that ensures low latency and high performance between servers connected to the
same pod.
The architecture of the OmniSwitch pod provides the scalability necessary to handle changing data center
demands. A pod may initially only consist of one or two such switches, but as the demand to handle more
and more traffic grows, additional switches are easily added into the pod configuration.
Figure 1 shows some examples of OmniSwitch pod architectures.
VFL
LACP LACP
Each pod is a switching fabric where every switch could be connected to every other switch. When pods
are then connected together with other pods and core switches, a data center mesh is formed.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-2
Understanding Data Center Switching Data Center Switching Components
Corporate
Network
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-3
Understanding Data Center Switching Data Center Switching Components
• Fibre Channel over Ethernet (FCoE) network convergence solutions to facilitate the expansion of a
Fibre Chanel (FC) storage area network (SAN) across an existing Ethernet infrastructure, without
having to purchase or manage additional, costly FC equipment. FCoE convergence features supported
include the following:
– FCoE transit switch. The OmniSwitch supports the FCoE technology used to tunnel FC frames
encapsulated within Ethernet MAC frames. To provide the necessary FCoE transit switch
functionality, the OmniSwitch supports FCoE Initialization Protocol (FIP) snooping and Data
Center Bridging (DCB) protocols for lossless Ethernet. A transit switch is basically a Layer 2 DCB
switch that bridges encapsulated FCoE traffic over the Ethernet fabric between FCoE end devices.
– FCoE/FC gateway switch. The OmniSwitch serves as an FCoE forwarder to connect FCoE nodes
to FC switches, connect FC nodes to an FCoE forwarder, and connect native FC fabrics across an
FCoE network. Providing this type of functionality allows the OmniSwitch to transparently connect
FCoE and FC nodes with an FC SAN across an FCoE (lossless Ethernet) network.
For more information about the OmniSwitch implementation of FCoE solutions, see Chapter 5,
“Configuring FIP Snooping,” and Chapter 6, “Configuring an FCoE/FC Gateway.”
• Shortest Path Bridging MAC (SPBM) to virtualize the data center mesh.
SPBM extends Layer 2 across the data center mesh while maintaining a loop-free network. All connec-
tions between all switches in the topology remain active (no blocking of redundant links).
SPBM uses the Provider Backbone Bridge (PBB) network model to encapsulate (using IEEE 802.1ah
headers) and tunnel customer traffic through the network backbone. The shortest path trees upon which
the PBB network infrastructure operates are determined using a version of the Intermediate System-to-
Intermediate System (IS-IS) link state protocol that supports TLV extensions for SPB (ISIS-SPB).
For more information about SPBM, see the “Configuring Shortest Path Bridging” chapter in the
OmniSwitch AOS Release 8 Network Configuration Guide.
• Virtual Chassis (VC) is a group of chassis managed through a single management IP address.
VC provides both node level and link level redundancy for devices connecting to the aggregation layer
via standard 802.3ad link aggregation mechanisms. See the “Configuring Virtual Chassis” chapter in
the OmniSwitch AOS Release 8 Switch Management Guide for more information.
• Virtual eXtensible Local Area Network (VxLAN) is a Layer 2 overlay network that is used to
segment and tunnel device traffic through a data center or cloud network infrastructure. The VXLAN
feature is similar to other tunneling and network virtualization solutions in that an encapsulation
technique is used to tunnel device traffic through the network. The technique implemented with the
VXLAN feature encapsulates an Ethernet MAC frame into an IP packet with a UDP header, then
forwards the packet on a Layer 3 network.
Configuring VXLAN components on the OmniSwitch allows the switch to operate as a VXLAN gate-
way device. This type of device connects VXLAN and non-VXLAN (traditional VLAN) segments. See
Chapter 3, “Configuring a VXLAN Gateway,” for more information.
• VXLAN Snooping attempts to detect and identify VXLAN traffic by sampling packets to determine if
they are VXLAN encapsulated packets. Once this type of traffic is identified, VXLAN Snooping
collects and stores information about the flow in a database on the local switch. Additional
configurable options for this feature include the ability to apply QoS policy list rules to the identified
flow and SNMP trap generation. See Chapter 4, “Configuring VXLAN Snooping,” for more
information.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-4
Understanding Data Center Switching Data Center Mesh Configuration Example
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-5
Understanding Data Center Switching Data Center Mesh Configuration Example
MPLS
DHCP OmniVista
VPLS
Server
RADIUS
VFL VFL
SPB SPB
SPB SPB
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-6
Understanding Data Center Switching Data Center Mesh Configuration Example
• Shortest Path Bridging MAC (SPBM) is used in each data center mesh (pod plus core) to define sets of
loop-free shortest path trees (SPTs) through the network. Each switch serves as the SPT root for all
traffic entering the switch, thus allowing the switch to provide the shortest path to every other switch.
The bridging methodology that allows each switch to serve as its own root is enforced through the use
of SPBM backbone VLANs (BVLANs). The BVLAN is a transport VLAN for SPBM services and
SPT calculations.
The following configuration snapshot shows a sample SPBM bridging configuration. Each switch that
will participate in the SPBM domain (pod and core) must have the same BVLAN configuration. SPBM
merges the core and pod together into the same virtual mesh domain.
-> show configuration snapshot spb-isis
! SPB-ISIS:
spb isis bvlan 4001 ect-id 1
spb isis bvlan 4002 ect-id 2
spb isis control-bvlan 4001
spb isis interface port 1/1/2-5
spb isis interface port 1/1/7
spb isis interface port 2/1/2-5
spb isis interface linkagg 2
spb isis admin-state enable
• SPBM Ethernet services are bound to the SPT bridging configuration and are used to encapsulate and
tunnel data through the data center mesh. SPBM services are configured on any OmniSwitch in the
mesh that will originate or terminate a service. This usually is on switches that are connected to host
devices or that connect to other networks where traffic will enter or leave the mesh.
The OmniSwitch Service Manager feature is used to build the SPBM service architecture layer within
the SPBM mesh domain. Provisioning a service requires the configuration of three logical entities: a
service instance identifier (I-SID), service access port, and a service access point (SAP).
The following configuration snapshot shows a sample SPB service configuration:
-> show configuration snapshot svcmgr
! SVCMGR:
service access port 1/11
service access port 1/12
service access port 1/13
service spb 1001 isid 1001 bvlan 4001 admin-state enable
service spb 1002 isid 1002 bvlan 4001 admin-state enable
service spb 1001 sap port 1/11:1001 admin-state enable
service spb 1001 sap port 1/12:1001 admin-state enable
service spb 1001 sap port 1/13:1001 admin-state enable
service spb 1002 sap port 1/11:1002 admin-state enable
service spb 1002 sap port 1/12:1002 admin-state enable
service spb 1002 sap port 1/13:1002 admin-state enable
• When a physical switch port comes up, a QSet instance (a set of eight queues) is automatically
associated with the port for unicast traffic. In addition, a default Data Center Bridging profile (DCP 8)
is automatically assigned to the QSI.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-7
Understanding Data Center Switching Data Center Mesh Configuration Example
The DCP 8 profile applies strict priority scheduling with lossy traffic class management to each of the
eight egress port queues. However, ports connected to devices running critical applications that require
lossless Ethernet, such as the storage and server hosts shown in Figure 5, can be assigned to one of the
other 10 pre-defined profiles or a user-configured profile that will provide the necessary class of
service for that device.
The following configuration snapshot shows a sample DCB configuration. In this sample, a custom
profile (DCP 11) is created with custom settings for the traffic classes. DCP 11 is then assigned to
ports 1/1 and 1/9-10, replacing the default DCP 8 assignment. In addition, ports 1/12 and 1/34-35 are
assigned to DCP 7 and 9. All other ports on the switch are using default DCP 8.
-> show configuration snapshot vfc
! Virtual Flow Control:
qos qsp dcb 11 import qsp dcb "dcp-9"
qos qsp dcb "dcp-11" tc 1 pfc flow-type nLL
qos qsp dcb "dcp-11" tc 0 pfc flow-type nLL
qos qsp dcb "dcp-11" tc 2 pfc flow-type nLL
qos qsp dcb "dcp-11" tc 4 pfc flow-type nLL
qos qsp dcb "dcp-11" tc 5 pfc flow-type nLL
qos qsp dcb "dcp-11" tc 6 pfc flow-type nLL
qos qsp dcb "dcp-11" tc 7 pfc flow-type nLL
qos qsi port 1/1 qsp dcb "dcp-11"
qos qsi port 1/9-10 qsp dcb "dcp-11"
qos qsi port 1/12 qsp dcb "dcp-7"
qos qsi port 1/34-35 qsp dcb "dcp-9"
• Virtual Network Profile (vNPs) are configured on each switch that is connected to a server to facilitate
VM discovery and mobility within the local data center or mobility between the local and remote data
center. In addition, Universal Network Profile (UNP) functionality is enabled on each of the server
connections to activate vNP classification of VMs.
The vNPs are used to assign VMs to SPBM services that span the data center mesh. When a VM is
discovered or migrates to a new location, the assigned vNP applies the necessary access controls and
any QoS policies specifically defined for the VM.
The following configuration snapshot shows a sample vNP configuration.
-> show configuration snapshot da-unp
! DA-UNP:
unp domain 1 description "AT&T"
unp domain 2 description "Sprint"
unp port 1/15 port-type access
unp port 1/15 domain 1
unp port 1/16 port-type access
unp port 1/16 domain 1
unp port 1/17 port-type access
unp port 1/17 domain 2
unp port 1/18 port-type access
unp port 1/18 domain 2
unp profile unp_for_spb1
unp profile unp_for_spb1 map service-type spb tag-value 115:150 isid 6000 bvlan
4001
unp classification vlan-tag 125 profile1 unp_for_spb1
unp classification vlan-tag 225 profile1 unp_for_spb1
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 1-8
2 Configuring Data Center
Bridging
Data Center Bridging (DCB) is a set of standards that extend Ethernet capabilities to support the
convergence of storage and data in today’s virtualized networks. The OmniSwitch implementation of DCB
supports the following DCB standards:
• Priority-Based Flow Control (PFC)—based on the IEEE 802.1Qbb standard, PFC pauses traffic
based on congestion priority instead of blocking the entire link when congestion occurs. Allows
lossless and lossy traffic with different priorities on the same physical port.
• Enhanced Transmission Selection (ETS)—based on the IEEE 802.1Qaz standard, ETS groups
related traffic into priority groups (traffic classes) to which bandwidth guarantees and scheduling are
applied.
• Data Center Bridging Exchange (DCBX)—exchanges and negotiates PFC and ETS information
between two directly connected peer devices.
This implementation of the DCB enhanced Ethernet protocols uses embedded profiles to apply the PFC,
ETS, and DCBX configuration to traffic flows. This approach is similar to how QSet profiles (QSPs) are
used to apply the QoS configuration for bandwidth management and egress port queue scheduling.
In This Chapter
This chapter describes DCB in general and how DCB profiles and port configurations are applied to the
switch. It provides information about configuring DCB through the Command Line Interface (CLI). CLI
commands are used in the configuration examples; for more details about the syntax of commands, see the
OmniSwitch AOS Release 8 CLI Reference Guide.
The following topics and procedures are included in this chapter:
• “DCB Defaults” on page 2-2.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-1
Configuring Data Center Bridging DCB Defaults
DCB Defaults
Traffic class management and related QoS functions are implemented using a Queue Set (QSet)
framework. Each port and link aggregate is associated with a set of eight egress queues, referred to as a
Queue Set Instance (QSI). Each QSI is associated with DCB profile 8 (DCP 8) by default.
A DCP defines both the Data Center Bridging Exchange (DCBX) control parameters and the traffic class
management parameters that are applied to the eight queues associated with the QSI. See “Configuring
DCB Profiles” on page 2-20 for more information.
The following are the default DCBX and traffic class management settings applied with DCP 8:
Note. QSet profiles and DCB profiles are mutually exclusive on the same port. If the OmniSwitch Data
Center software license is installed, then DCB profiles are used by default. If this license is not installed,
then QSet profiles are used by default. See “Using DCB Profiles” on page 2-14 for more information.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-2
Configuring Data Center Bridging DCB Defaults
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-3
Configuring Data Center Bridging Data Center Bridging Overview
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-4
Configuring Data Center Bridging Data Center Bridging Overview
packet loss is avoided. All other traffic marked with different priorities continues to forward on the link
until congestion occurs for those priorities as well.
Ethernet Link
To determine how traffic is treated when assigned to one of these eight priority values, the pre-defined
OmniSwitch DCB profiles use the following general IEEE recommendations for mapping traffic types to
the CoS priority values:
• Priority 1, BK—Background {Bulk transfers}
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-5
Configuring Data Center Bridging Data Center Bridging Overview
The following general steps are required to configure a lossless transport lane for a specific type of traffic:
1 Select a pre-defined DCB profile or create a custom profile that defines lossless flow control for a
specific CoS priority value.
2 Determine the end-to-end lossless data path through the OmniSwitch network and apply the profile
identified in Step 1 to each port in that path.
3 Make sure that the traffic requiring lossless transmission is marked with the same CoS priority value to
which the DCB profile will apply lossless flow control. The switch will only pause frames sent with the
same priority value as the lossless priority value specified in the DCB profile.
4 Make sure that all ingress ports are configured as QoS trusted ports with the default classification set to
802.1p.
For more information about DCB profiles, see “Using DCB Profiles” on page 2-14.
For more information about CoS 802.1p priority bit classification and marking, see “How Traffic is
Classified and Marked” on page 27-5 in Chapter 27, “Configuring QoS,” of the OmniSwitch AOS Release
8 Network Configuration Guide.
• The maximum deviation of available bandwidth is 10% when all of the following is true:
– Only ETS traffic is flowing.
– No PFC pause frames have been received.
– All ETS Traffic Classes are offered enough load to consume their share of allocated bandwidth.
• Any unused portion of the minimum bandwidth is made available for use by other classes, but only
until the original Traffic Class needs the bandwidth again. At such time, PFC (if enabled) will pause
the required traffic to minimize packet loss until the bandwidth is regained.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-6
Configuring Data Center Bridging Data Center Bridging Overview
ETS requires a minimum of three Traffic Classes per port but supports a maximum of eight Traffic
Classes per port. The use of DCB profiles to apply the ETS configuration facilitates the correct mapping
of traffic types and priorities into Traffic Classes according to the IEEE 802.1Q-REV/D1-5 standard.
There are 11 pre-defined DCB profiles available, and the ability to create additional custom profiles is also
supported. The following table shows the grouping of traffic types into a Traffic Class (TC) as applied by
the pre-defined DCB profiles (see “Using DCB Profiles” on page 2-14).
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-7
Configuring Data Center Bridging Data Center Bridging Overview
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-8
Configuring Data Center Bridging Data Center Bridging Overview
Figure 2 further illustrates ETS Traffic Class groupings by showing the Traffic Class minimum bandwidth
guarantees as defined and applied by DCB profile 2:
Ethernet Link
Figure 2-2 : ETS Traffic Classes (DCB Profile 2)
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-9
Configuring Data Center Bridging Data Center Bridging Overview
• Which traffic type priority values are mapped to a specific Traffic Class.
• What are the minimum bandwidth guarantees defined for each Traffic Class.
An OmniSwitch is considered a DCB-capable switch if the OmniSwitch Data Center software license is
installed. When this license is installed, DCBX is automatically enabled on each switch port and DCB
profiles apply the PFC and ETS configuration to the QSet instance (QSI) for each port.
The following default DCBX configuration is applied to each DCBX-enabled port:
• PFC and ETS TLVs are enabled. The following TLVs are supported:
– PFC Configuration
– ETS Configuration
– ETS Recommendation
• The “willing” bit setting is enabled. This setting indicates that the switch is willing to negotiate
changes to the operational DCBX configuration on the local port to match the DCBX configuration on
the remote port.
• PFC defense mode is enabled. When PFC negotiations fail and the defense mode is enabled, no PFC
functionality is applied to any priority but traffic flow is allowed to continue. However, if the defense
mode is disabled when negotiations fail, the local PFC configuration is applied.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-10
Configuring Data Center Bridging Data Center Bridging Overview
• The servers could be sending SAN traffic at a priority negotiated for lossless and could use a different
priority for iSCSI SAN traffic. Note that any application requiring lossless access to the network is
supported as long as the traffic is stamped with the correct priority that is negotiated for lossless.
DCBX or
manual
(PFC/ETS)
VFL SAN
DCBX
(PFC/ETS)
VFL
DCBX DCBX
(PFC/ETS) (PFC/ETS)
LACP LACP
DCBX or
manual
PFC/ETS
DCBX or
manual
PFC/ETS
Servers
Servers
Figure 2-3 : DCBX Example
For more information about DCBX, see “Configuring DCBX Port Parameters” on page 2-23.
For more information about DCB profiles, see “Using DCB Profiles” on page 2-14.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-11
Configuring Data Center Bridging Interaction with Other Features
By default, a DCB port will use the IEEE 802.1Qaz version of DCBX until the port detects the peer switch
is using the CEE version. When this occurs, the switch will automatically stop 802.1Qaz DCBX on the
port and start using CEE DCBX.
It is possible to configure the DCB port to use only a specific version of DCBX (no auto-detection) using
the qos qsi dcb dcbx version command. For example, the following command changes the DCBX
version for the specified port to CEE:
-> qos qsi port 1/10 dcb dcbx version cee
To change the DCBX version to IEEE 802.1Qaz, use the qos qsi dcb dcbx version command with the
ieee parameter. For example:
-> qos qsi port 1/11 dcb dcbx version ieee
To change the port back to automatically detecting the peer version, use the qos qsi dcb dcbx version
command with the auto parameter. For example:
-> qos qsi port 1/11 dcb dcbx version auto
Note. Using DCB profile 11 (DCP 11) is highly recommended when connecting an OmniSwitch port to
equipment from other vendors. For more information see “Using DCB Profiles” on page 2-14 and
“Configuring DCB Profiles” on page 2-20.
QoS
• This implementation of DCB provides enhanced QoS congestion and bandwidth allocation to support
multiple traffic types on the same Ethernet link. However, DCB profiles are used to apply the DCB
configuration instead of QoS profiles. These two profile types are mutually exclusive on the same port;
only one or the other profile type is applied to a port at any given time.
• Even though a port is only associated with a single DCB profile or a single QoS profile, it is possible to
have a mixture of both profile types on different ports within the same switch. For example, when a
DCB-licensed switch boots up, all ports are associated with a DCB profile by default, but the profile
association for any port can be changed to a QoS profile without disrupting the DCB profile
associations of other ports.
• The DCB protocols, Priority-based Flow Control (PFC) and Enhanced Transmission Selection (ETS),
use the Class of Service (CoS) 802.1p markings found in the frame header to define traffic groups.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-12
Configuring Data Center Bridging Interaction with Other Features
These markings are the result of QoS classification that occurs prior to and separately from the
application of DCB functionality. DCB does not replace existing QoS classification and enqueuing
mechanisms.
For more information about DCB and QoS profiles, see “Using DCB Profiles” on page 2-14 and
“Multicast and Unicast Traffic Distribution” on page 2-24.
For more information about 802.1p CoS priority bit classification and marking, see “How Traffic is
Classified and Marked” on page 27-5 in Chapter 27, “Configuring QoS,” of the OmniSwitch AOS Release
8 Network Configuration Guide.
SNMP
If SNMP performs sets on the standard MIBs at the port level and the port is associated with:
• A custom DCB profile that is only associated with that one port, then the changes are made on that
profile.
• A custom DCB profile that is associated with multiple ports, a new custom profile is created with the
changes and the new profile is associated only with that port. The new profile is accessible through the
OmniSwitch Command Line Interface (CLI).
• A default DCB profile, a new custom profile is created with the changes and the new profile is
associated only with that port. The new profile is accessible through the OmniSwitch CLI.
For more information about DCB profiles, see “Using DCB Profiles” on page 2-14.
Virtual Chassis
• DCBX is not supported on VF-Links.
• Only two profiles can be applied on the VF-links: DCB 8 (applied by default, all priorities are lossy)
and DCB 9 (all priorities are lossless, PFC is enabled).
• When configuring PFC over VFL on an OmniSwitch 6900, the VFL should not have more than eight
ports comprising the VFL.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-13
Configuring Data Center Bridging Using DCB Profiles
Note. QSet profiles and DCB profiles are mutually exclusive. If the OmniSwitch Data Center software
license is installed, then DCB profiles are used. If this license is not installed, then QSet profiles are used.
• If the OmniSwitch Data Center software license is not installed, the switch boots up as a “non-DCB”
switch and QSet profiles are applied to switch ports.
• If the OmniSwitch Data Center software license is installed, the switch boots up as a DCB switch and
profiles are applied as follows:
– If there is no existing DCB configuration, the default DCB profile (DCP 8) is applied to all switch
ports. This occurs even if the port was previously assigned to a non-default QSP (for example, QSP
2, 3, or 4).
– If there is an existing DCB configuration, the profiles are applied based on that configuration.
• If a switch boots up in the DCB mode and no DCB configuration is present (only default DCP 8), the
switch will start DCBX by default to make sure each port is auto-configurable via DCBX to match the
peer configuration. This provides a “plug-and-play” installation process that allows a switch running
the default DCB configuration to automatically adapt to the network.
The DCB profiles are based on the 802.1Q-REV/D1-5 standard to define how the switch classifies
different traffic types and priority mappings and then groups those types into traffic classes. Profiles also
specify the Traffic Class Flow (TCF), which is LL (lossless; PFC initiated upstream) or nL (lossy; PFC
not initiated upstream).
There are 11 pre-defined DCB profiles (DCP 1–11) available that represent common applications of the
DCB standards (see “Pre-Defined DCB Profiles (Unicast)” on page 2-14). Creating custom profiles is also
allowed; a maximum of 128 (including the 11 pre-defined) profiles per switch is supported.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-14
Configuring Data Center Bridging Using DCB Profiles
DCB Profile 1
DCB Profile 2
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-15
Configuring Data Center Bridging Using DCB Profiles
DCB Profile 3
DCB Profile 4
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-16
Configuring Data Center Bridging Using DCB Profiles
DCB Profile 5
DCB Profile 6
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-17
Configuring Data Center Bridging Using DCB Profiles
DCB Profile 7
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-18
Configuring Data Center Bridging Using DCB Profiles
DCB Profile 9
DCB Profile 10
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-19
Configuring Data Center Bridging Configuring DCB Profiles
DCB Profile 11
The Windows driver for an Intel NIC has a fixed number of traffic classes (eight) and the priority to TC
mapping uses a linear mapping. To support ETS BW allocations with eight traffic classes and linear
priority to traffic class mapping, use DCB profile 11 (DCP 11).
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-20
Configuring Data Center Bridging Configuring DCB Profiles
Once the custom profile is created, the following traffic class attributes for the profile are configurable
using the qos qsp dcb tc command:
3 Enabling or disabling PFC is allowed on any TC in the custom profile. The PFC status applies to all
priorities within the specific TC.
4 Changing Weights (Min Rate) on any of the ETS TC is allowed, with ?ETS_TC_Weights < =
100%Available_PR (after SP allocation).
5 Changing PIR (shaper)/Max Rate is allowed on all TC Classes/Types (essential for high Priority SP
(runaway) classes).
6 When a custom profile is modified, the changes are applied to all ports that are associated with that
custom profile. To apply specific changes to a single port (QSet instance), import a custom or default
profile into a new custom profile, make the necessary changes, then apply the new custom profile to the
port.
To view the DCB profile configuration for the switch, use the show qos qsp dcb command. For example:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-21
Configuring Data Center Bridging Configuring DCB Profiles
ETS
Priority PFC Max Template-DCP 802.3x
# Name TC Map Cap TC # Name Pause-Ready
---+------------+--------+---+---+---+------------+-----------
1 dcp-1 00001122 8 8 1 dcp-1 No
2 dcp-2 00112233 8 8 2 dcp-2 No
3 dcp-3 00112234 8 8 3 dcp-3 No
4 dcp-4 10223345 8 8 4 dcp-4 No
5 dcp-5 10234456 8 8 5 dcp-5 No
6 dcp-6 10234567 8 8 6 dcp-6 No
7 dcp-7 01234567 8 8 7 dcp-7 No
8 dcp-8 01234567 8 8 8 dcp-8 No
9 dcp-9 10234567 8 8 9 dcp-9 No
10 dcp-10 10234567 8 8 10 dcp-10 No
20 dcp-20 10234567 8 8 10 dcp-10 No
See the OmniSwitch AOS Release 8 CLI Reference Guide for more information about related show
commands.
2 Disable PFC TLV and PFC willing on the port that will support the PAUSE frames. For example:
-> qos qsi port 1/1/5 dcb dcbx pfc tlv disable
-> qos qsi port 1/1/5 dcb dcbx pfc willing no
When this type of custom profile is applied on an ingress port, a legacy PAUSE frame is sent on the
ingress port back to the server during congestion on the egress.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-22
Configuring Data Center Bridging Configuring DCBX Port Parameters
In addition to configuring the status of DCBX on a port, the following DCBX port attributes are also
configurable using the qos qsi dcb dcbx pfc and qos qsi dcb dcbx ets commands:
• The “willing” bit setting (Yes or No) for PFC and ETS. This parameter is set to Yes, which means that
when a profile configuration mismatch occurs between two directly connected devices:
– The PFC settings are resolved based on the settings of the device with the lowest MAC address.
– The ETS settings from the other device are accepted by each device.
• The status of configuration TLV transmission for PFC and ETS (enabled by default).
To verify the DCBX port configuration, use the show qos qsi dcb dcbx command. For example:
See the OmniSwitch AOS Release 8 CLI Reference Guide for more information about the qos qsi dcb
dcbx and related show commands.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-23
Configuring Data Center Bridging Multicast and Unicast Traffic Distribution
• When sending Higher Priority MC 100% and UC 100%, the distribution is 32% of MC and 68% of
UC.
Non-Default Profile
The CoS model implemented also applies for non-default QSet profiles (QSP 2–4), except on the
OmniSwitch 6900. The multicast and unicast queue mapping for non-default QSet profiles (QSP 2–4) and
non-default DCB profiles (DCP 1–7, 9–128) on the OmniSwitch 6900, is as follows:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-24
Configuring Data Center Bridging Multicast and Unicast Traffic Distribution
• If UC7 and UC6 are Weighted Round Robin, then MC3 (priority 6 and 7) will also use Weighted
Round Robin. The weight of MC3 will be the average of the weights for UC6 and UC7.
For DCB profile ETS behavior, where a Traffic Class (TC) can have more than one priority, multicast
queues will follow the corresponding unicast queue behavior. For example:
DCB Profile 1:
TC 0 (Priority 0 -3)
TC 1 (Priority 4 -5)
TC 2 (Priority 6 -7)
TC 0 has UC0 through UC3 in Round Robin, so MC0 (priority 0 and 1) and MC1 (priority 2 and 3) will
also participate in the Round Robin behavior of TC 0.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-25
Configuring Data Center Bridging Multicast and Unicast Traffic Distribution
There are additional multicast queues in the OmniSwitch 6900-Q32 and OmniSwitch 6900-X72. As a
result, traffic distribution is based on the priority value regardless of whether the traffic is multicast or
unicast. In other words, multicast traffic with priority 1 and unicast with priority 1 are given equal
distribution.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-26
Configuring Data Center Bridging Verifying the DCB Configuration
show qos qsp dcb Displays the configured DCB profiles and the traffic classes
associated with the DCB profile.
show qos qsi dcb dcbx Displays the Data Center Bridging Exchange (DCBX) port
configuration and status.
show qos qsi dcb ets Displays the DCB Enhanced Transmission Selection (ETS) port
configuration and status.
show qos qsi dcbx pfc Displays the DCB Priority-based Flow Control (PFC) port
configuration and status.
show qos pfc-lossless-usage Displays the PFC lossless priority usage for the switch.
show qos qsi dcb pfc stats Displays PFC port statistics.
show configuration snapshot vfc Displays the current running configuration for DCB, QSP, PFC, and
ETS.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 2-27
3 Configuring a VXLAN
Gateway
A Virtual eXtensible Local Area Network (VXLAN) is a Layer 2 overlay network that is used to segment
and tunnel device traffic through a data center or cloud network infrastructure. The OmniSwitch
implementation of this feature introduces the following benefits into the network:
• Provides Layer 2 connectivity between devices in the same VLAN over an IP transport network. For
example, a Virtual Machine (VM) can communicate across a Layer 3 network with a remote VM as
long as both VMs reside in the same VLAN domain on either side of the Layer 3 network.
• Increases the scalability of the network beyond the limit of 4096 VLANs. A VXLAN Network
Identifier (VNI) is used to isolate VLAN traffic into logical network segments. Up to 16 million logical
networks (segment IDs) are possible when VXLAN is implemented.
• Conserves MAC address table space by allowing duplicate MAC addresses to reside within the
VXLAN domain, as long as each address is associated with a different VNI.
• Transparently extends the Layer 2 network by connecting VLANs from multiple hosts through
VXLAN (UDP) tunnels.
• Provides Layer 2 migration of a Virtual Machine (VM) across a Layer 3 infrastructure to a remote
server host; without VXLAN, Layer 2 migration is restricted to other servers within the local Layer 2
• Allows Layer 2 VM migration across a Layer 3 infrastructure to a remote server host; without
VXLAN, VM migration occurs only within a Layer 2 infrastructure to a local server host.
• Provides a gateway device that sits at the edge of a VXLAN UDP tunnel to serve as a VXLAN Tunnel
End Point (VTEP). An OmniSwitch VXLAN gateway offers a high bandwidth, low latency option for
connecting VM traffic to remote servers or other VMs over a Layer 3 network.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-1
Configuring a VXLAN Gateway In This Chapter
In This Chapter
This chapter provides an overview about how the VXLAN feature works and how to configure VXLAN
components through the Command Line Interface (CLI). CLI commands are used in the configuration
examples; for more details about the syntax of commands, see the OmniSwitch AOS Release 8 CLI
Reference Guide.
This chapter includes the following topics:
• “VXLAN Service Defaults” on page 3-3.
The acronyms and abbreviations used in this chapter are defined here:
VM Virtual Machine
VNI VXLAN Network Identifier (also referred to as a
Segment ID)
VTEP VXLAN Tunnel End Point
VXLAN Virtual eXtensible Local Area Network
VXLAN Segment A VXLAN Layer 2 overlay network.
VXLAN Gateway A device on which traffic is forwarded between
VLAN and VXLAN domains.
VXLAN Service A service instance associated with a VNI.
PIM Protocol Independent Multicast
BIDIR-PIM Bidirectional PIM
SAP Service Access Point
SDP Service Distribution Point
SDP Bind The binding of a VXLAN service to an SDP.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-2
Configuring a VXLAN Gateway VXLAN Service Defaults
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-3
Configuring a VXLAN Gateway Quick Steps for Configuring a VXLAN Gateway
1 Use the service access command to configure a port or link aggregate as a service access port on which
Virtual Machine (VM) traffic is received.
-> service access port 1/1
-> service access port 2/1
2 Use the service sdp vxlan command to create a VXLAN tunnel interface that will handle the
processing of VM frames and VXLAN encapsulated packets.
-> service sdp 100 vxlan multicast-group 224.2.1.1 ttl 20 description "PIM Group
224.2.1.1"
-> service sdp 200 vxlan far-end 10.10.10.2 description "Unicast to NodeB"
3 Use the service vxlan command to create a VXLAN service and associate that service with a VXLAN
Network ID.
-> service 10 vxlan vnid 1000 multicast-mode tandem admin-state enable
-> service 20 vxlan vnid 2000 multicast-mode head-end admin-state enable
4 Use the service sap command to create a Service Access Point (SAP) by associating a VXLAN service
with SAP ID. A SAP ID is comprised of a port or link aggregate and an encapsulation value that identifies
the device traffic to associate with the service.
-> service 10 sap port 1/1:10 admin-state enable
-> service 20 sap port 2/1:all admin-state enable
5 Use the service bind-sdp command to bind the VXLAN services created in Step 3 to the SDPs created
in Step 2.
-> service 10 bind-sdp 100 description "Bind to PIM Group 224.2.1.1"
-> service 20 bind-sdp 200 description "Unicast Bind to 10.10.10.2 VTEP"
6 Use the ip interface command to configure the Loopback0 interface that will serve as the source IP
address of the VXLAN gateway (VXLAN Tunnel End Point).
-> ip interface Loopback0 address 11.255.14.102
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-4
Configuring a VXLAN Gateway VXLAN Overview
VXLAN Overview
The VXLAN feature is similar to other tunneling and network virtualization solutions, such as Shortest
Path Bridging (SPB), in that an encapsulation technique is used to tunnel device traffic through the
network. The technique implemented with the VXLAN feature encapsulates an Ethernet MAC frame
received from a Virtual Machine (VM) into an IP packet with a UDP header, then forwards the packet on
a Layer 3 network.
Configuring VXLAN components on the OmniSwitch allows the switch to operate as a VXLAN gateway
device. This type of device connects VXLAN and non-VXLAN (traditional VLAN) segments. The
following terms and definitions describe the VXLAN components discussed in this chapter.
• VXLAN segment: A VXLAN Layer 2 overlay network used to tunnel traffic between Virtual
Machines (VMs). Each segment is identified with a VXLAN network identifier, which is similar to a
VLAN ID (used to segment network traffic into virtual bridging domains). Only VMs associated with
the same VXLAN segment can communicate with each other.
• VXLAN network identifier (VNI): A 24-bit number that identifies a VXLAN segment (also referred
to as a VXLAN segment ID). A VNI is used to associate a VM MAC frame with a VXLAN segment
when the frame is encapsulated with a VXLAN header.
• VXLAN Tunnel Interface (VTI): A UDP tunnel that forwards encapsulated VXLAN packets
between VXLAN Tunnel End Points. On the OmniSwitch, the VTI function is provided through a
Service Distribution Point (SDP) and the binding of VXLAN services to the SDP. A VTI is treated as
just another Layer 2 interface within a bridging domain.
• VXLAN Tunnel End Point (VTEP): A switch configured with one or more VTIs. The VTEP
provides an initiation and termination point for each VXLAN segment bound to the VTI. This is the
point at which Layer 2 VM frames are encapsulated and sent through the tunnel or the encapsulation
header is removed from a VXLAN packet and the Layer 2 VM frames are forwarded on a traditional
VLAN domain.
• VXLAN gateway: A device that serves as a VTEP to transparently bridge traffic between VXLAN and
traditional VLAN domains. A VXLAN gateway switch represents a single VTEP on which multiple
VTIs may exist. On the OmniSwitch, a VTEP is identified by the IP address configured for the
Loopback0 interface.
The following diagram provides an example of a VXLAN deployment:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-5
Configuring a VXLAN Gateway VXLAN Overview
Layer 2 Network
Layer 2 Network
VM VM VM VM VM VM VM VM
In this example:
• The OmniSwitch serves as a VXLAN gateway. The VTEPs on each switch initiate and terminate
VXLAN tunnels to form a virtual network over the shared Layer 3 infrastructure.
• VM traffic initiated from one of the servers traverses a Layer 2 network within a specific VLAN
domain and reaches the VXLAN gateway switch.
• If the gateway switch determines that the VM traffic is destined for another server or VM that is on a
remote Layer 2 network, the gateway encapsulates the traffic and forwards it on the VXLAN tunnel.
• When the gateway switch receives an encapsulated VXLAN packet, the encapsulation header is
removed and the original VM traffic is forwarded onto the VLAN domain for which the VM traffic
was destined.
• The VXLAN gateway encapsulation and forwarding process is transparent to the VMs in this example.
• If the gateway switch determines that the VM traffic is destined for another device within the local
Layer 2 network, then the traffic is bridged on the local VLAN domain. In this case, the VXLAN
encapsulation and tunneling process is not used.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-6
Configuring a VXLAN Gateway VXLAN Overview
VXLAN Encapsulation
When an OmniSwitch VXLAN gateway receives an Ethernet MAC frame originating from a Virtual
Machine (VM) that is destined for a remote VM, the switch encapsulates the frame into an IP packet for
transport through a VXLAN service tunnel. The following is an example of the IP packet format after
VXLAN encapsulation:
VXLAN Encapsulation
Note. VXLAN encapsulation adds 50 bytes of overhead to the original frame. VTEPs must not fragment
the VXLAN packets. However, intermediate routers may fragment the encapsulated VXLAN packets due
to the larger frame size, and the destination VTEP may silently ignore the fragmented packets.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-7
Configuring a VXLAN Gateway VXLAN Overview
• An IP header containing a source and destination IP. The source IP is the IP address of the local VTEP.
The destination IP is a multicast IP address designated for BUM traffic.
• A UDP header containing a source port derived from the original ARP frame and the destination UDP
port number that is designated for VXLAN traffic.
The encapsulated ARP frame is then sent out to the IP multicast group on which the VXLAN segment
exists. This requires a mapping between the VXLAN VNI and the multicast group IP address. On the
OmniSwitch, this mapping is achieved through the manual configuration of a VXLAN Service
Distribution Point (SDP) to define a VXLAN tunnel and associate the tunnel with a multicast group IP
address. A VXLAN service associated with a VNI is then manually bound to the SDP.
The destination VM sends a standard ARP response which is also encapsulated and sent through a
VXLAN tunnel. However, the response is sent using IP unicast to the VTEP of the originating VM. This
is possible because the destination MAC address for the ARP response is mapped to the VTEP IP address
that was previously learned when the ARP request was generated. The dynamic learning of a remote MAC
address association with a remote VTEP IP address is retained for future communication with traffic
destined for that specific MAC address.
Multicast Forwarding
An OmniSwitch VXLAN gateway supports the transport of learned unicast and broadcast, unknown
unicast, and multicast (BUM) traffic across VXLAN segments. The learned unicast traffic is directed to
the destination virtual port on which the destination MAC was learned. If the traffic is sent out on a local
virtual port, no encapsulation is required. If the traffic is sent out to a remote destination through a
VXLAN tunnel, the traffic is encapsulated with the outer destination IP address set to the IP address of the
remote VTEP. On the OmniSwitch, this is the IP address configured for the Loopback0 interface.
BUM traffic is flooded out to remote VTEPs using one of two methods: tandem or head-end replication.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-8
Configuring a VXLAN Gateway VXLAN Overview
• Head-end replication. Multicast traffic is replicated once for each receiver, encapsulated and then sent
as a unicast packet to each destination. This method requires known Loopback0 IP addresses for all
remote VTEPs participating in the same VXLAN segment. This is achieved through the manual
configuration of a VXLAN Service Distribution Point (SDP) with a far-end unicast IP address. Head-
end replication is more suited for networks where there is a low demand for multicast traffic.
• Tandem. This is standard IP multicast, where a multicast routing protocol (BIDIR-PIM on the
OmniSwitch) forms a forwarding topology for each multicast group IP address. Each VTEP only has to
signal through the multicast routing protocol their interest in the multicast groups assigned to the VNIs
in which the VTEP participates. The tandem method requires manual configuration of an SDP with a
multicast group IP address instead of a far-end unicast IP address.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-9
Configuring a VXLAN Gateway VXLAN Overview
The access port is also associated with a Layer 2 profile that specifies how to process protocol control
frames received on the port.
• Service Access Point (SAP)—A SAP is a logical service entity (also referred to as a virtual port) that
is configured on a gateway switch to bind an access port and traffic received on that port to a VXLAN
service ID (and the associated VNI).
• Service Distribution Point (SDP)—An SDP provides a logical point at which device traffic is
directed from one VXLAN gateway to another VXLAN gateway. SDPs are used to set up distributed
services, which consist of at least one SAP on a local node, one SAP on a remote node, and an SDP
binding the service on both nodes. An SDP serves as the VXLAN Tunnel Interface (VTI) on a gateway
switch.
• SDP Bind—An SDP binding represents the binding of a VXLAN service instance to an SDP. The
SDP then distributes the service connectivity to other VXLAN gateways.
The following diagram shows how the above components are used to construct a VXLAN overlay
network and tunnel traffic through that network:
VXLAN Tunnel
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-10
Configuring a VXLAN Gateway Interaction With Other Features
Hardware
VXLAN is not supported on ports or link aggregates that have the following features enabled:
Features
Individual linkagg member port UNP is a property of a link aggregate logical port
and not a property of an individual member port.
Tagged port Tagged VLAN-port associations (VPAs) are
created by UNP after learning a MAC address.
VLAN stacking UNI port VXLAN is one type of service. Other types of
services are not configurable on the same port.
VLAN stacking NNI port VXLAN is an access port function; not supported
on the network side.
ERP port: ERP can control the forwarding behavior of the
port (similar to STP)
Port mirroring port Carries the traffic from other ports; does not carry
any original traffic.
Ports configured with a static MAC If static MAC addresses are configured, then
address VXLAN does not have full control of the traffic
on that port.
Ports with MAC address learning VXLAN needs to learn the MAC address to
disabled determine how to process the Layer 2 frames and
encapsulated VXLAN packets. If learning is
disabled, this functionality is not achieved.
Service Manager Access Port If a port is already a Service Manager access port,
then enabling UNP does not flush the services
already learned on the port. It may cause an
inconsistent state across modules.
FCoE Initiation Protocol Snooping FIPS program policies are based on the notion of
(FIPS) a physical port, whereas VXLAN is applied
through virtual ports. Both cannot coexist on the
same port.
Link Aggregation
• Both static and dynamic link aggregates are configurable as service access ports.
• Note that a link aggregate must consist of all access ports or all network ports. VXLAN functionality is
not supported on link aggregates that consist of a mixture of access ports and standard switch ports.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-11
Configuring a VXLAN Gateway Interaction With Other Features
Loopback0 IP Interface
Configuring the Loopback0 IP interface is required to allow the OmniSwitch to serve as a VXLAN Tunnel
End Point (VTEP), also referred to as a VXLAN gateway. The IP network address for this interface is
used as the source IP address for the VTEP, which is used in VXLAN encapsulation.
• A routing protocol or static route configuration is required to ensure reachability between all the VTEP
IPs in the VXLAN overlay network.
• The Loopback0 IP address can be redistributed using a route-map to propagate reachability in the
Layer 3 cloud.
• A multicast routing configuration is also required to ensure that all the VTEPs join the associated
multicast group.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-12
Configuring a VXLAN Gateway Interaction With Other Features
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-13
Configuring a VXLAN Gateway Interaction With Other Features
Source Learning
• Source learning is used to discover the association between a VM source MAC address and a VTEP IP
address.
• The “vxlan” domain parameter is available to filter the MAC address table output for VXLAN traffic.
• Configure network ports only on the OS6900-Q32 or OS6900-X72. This is done to make sure that all
the routing and multicast functionality required to support the VXLAN tunnel service is only provided
through the OS600-Q32 or OS6900-X72 chassis.
• ECMP routes are not supported for VXLAN tunnels when the service access ports are on OS6900
models other than the OS6900-Q32 or OS6900-X72. Configure all routing for VXLAN tunnels to
avoid ECMP on the network ports. Otherwise, user traffic that originates on the other OS6900 models
cannot be forwarded out the VXLAN tunnel ports on the OS6900-Q32 or OS6900-X72.
• Configure SAPs on any of the OS6900 models.
• Setting a higher chassis priority for the OS6900-Q32 or OS6900-X72 is recommended to give the
OS6900-Q32 or OS6900-X72 a higher precedence for the VC master selection.
Configuring a mixed VC setup incorrectly could lead to unexpected behavior. Configuration restrictions
are not imposed through the implementation of this feature. It is strictly up to the administrator to
configure VXLAN in a mixed VC setup according to the recommended guidelines.
The following table contains the maximum values for resources in a mixed VC setup:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-14
Configuring a VXLAN Gateway Interaction With Other Features
If a VC setup consists of all OS6900-Q32 switches or all OS6900-X72 switches, the configuration
guidelines and maximum resource values described in this section do not apply.
VXLAN Snooping
A software mechanism used to identify and inspect VXLAN packets (encapsulated VM frames) received
on OmniSwitch interfaces configured as VM snooping ports. VM snooping builds a database of the VM
information obtained during the snooping process. This information is then available for administrators to
use for traffic managing, monitoring, and troubleshooting.
VRF
The VXLAN functionality is supported only in the default VRF instance.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-15
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
1 Configure the required routing and multicast framework. Although any IGP routing protocol can
be used to build the routing domain for unicast paths, static routes are recommended for performance and
stability. Configuring BIDIR-PIM is used to build the multicast domain.
2 Create a VXLAN service. A Service Manager service ID is associated with a VXLAN Network ID
and a service access point (SAP) to identify the device traffic that the service will tunnel through the
VXLAN segment. See “Creating a VXLAN Service” on page 3-17.
3 Configure service access ports. One or more access ports are associated with a Service Access Point
to identify to the service which ports will receive device traffic that the service will process for tunneling
through the VXLAN segment. When an access port is associated with a SAP, the SAP parameter attributes
are applied to traffic received on the access port. See “Configuring Service Access Ports” on page 3-21.
4 Optionally define access port profile attributes. A default Layer 2 profile is automatically assigned
to an access port at the time the port is configured as an access port. This profile determines how control
frames received on the port are processed. It is only necessary to configure a Layer 2 profile if the default
attribute values are not sufficient. See “Configuring Layer 2 Profiles for Access Ports” on page 3-21.
5 Configure a VXLAN Service Access Point (SAP). A SAP binds a VXLAN service to an access port
and defines which device traffic is tunneled through the service. Each SAP is associated to one service ID,
but a single service can have multiple SAPs to which it is associated. See “Configuring Service Access
Points (SAPs)” on page 3-19.
6 Configure a VXLAN Service Distribution Point (SDP). An SDP serves as a VXLAN tunnel
interface on a VXLAN gateway switch and defines a unicast or multicast path for a VXLAN segment. See
“Configuring Service Distribution Point (SDPs)” on page 3-27.
7 Bind a VXLAN service to an SDP. An SDP defines a path, and binding a VXLAN service to an SDP
defines the path on which service traffic is forwarded. SDPs and SDP bindings require manual
configuration. See “Binding VXLAN Services to SDPs” on page 3-28.
8 Optionally define the UDP destination port for VXLAN packets. By default, the well-known UDP
port number 4789 is used in VXLAN packets. To change this number, see “Configuring the UDP Port for
a VXLAN Gateway” on page 3-30.
Refer to the “VXLAN Gateway Configuration Examples” on page 3-31 to see how the these configuration
steps are used to build a VXLAN overlay network.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-16
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
The VNI number specified with this command creates a new segment ID that is bound to the specified
service ID. The service will then carry all VXLAN traffic associated with the specified segment ID.
Refer to the OmniSwitch AOS Release 8 CLI Reference Guide for more information about the above
parameters and related commands.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-17
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
The following table shows the required translation (tag is added or replaced) that takes place when the
egress SAP configuration is applied to the possible frame types (untagged, tagged, double-tagged). Note
that in this table the terms “ITAG” and “OTAG” refer to inner tag and outer tag, respectively.
Enabling VLAN translation is required at two different levels: first at the access port level and then at the
service level. This activates VXLAN translation for all of the SAPs on an access port that belong to the
same service.
To enable translation at the service level, use the service vlan-xlation command. For example:
-> service 10 vlan-xlation enable
To enable VLAN translation for all services, use the all parameter with the same command. For example:
-> service all vlan-xlation enable
To disable VLAN translation, use the service vlan-xlation command with the disable parameter. For
example:
-> service 10 vlan-xlation disable
-> service all vlan-xlation disable
To enable VLAN translation at the port level, use the service access vlan-xlation command. For example:
-> service access port 1/11 vlan-xlation enable
See “Configuring Service Access Ports” on page 3-21 for more information.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-18
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
Total Services: 4
To view the configuration for an individual service, use the show service command and specify the
VXLAN service ID. For example:
-> show service 10
VxLAN Service Detailed Info
Service Id : 10, Description : VXLAN Svc VNID 1000,
VNID : 1000 (0.1.56),
Multicast-Mode : Tandem,
Admin Status : Up, Oper Status : Up,
Stats Status : Yes, Vlan Translation : No,
Service Type : VxLAN, Allocation Type : Static,
MTU : 9194, Def Mesh VC Id : 1,
SAP Count : 1, SDP Bind Count : 3,
Ingress Pkts : 0, Ingress Bytes : 0,
Egress Pkts : 0, Egress Bytes : 0,
Mgmt Change : 10/19/2014 13:20:42, Status Change : 10/19/2014 13:20:42
• Configure Layer 2 profiles to determine how control packets are processed on access ports.
• Create a SAP by associating a SAP ID with a service ID. A SAP ID is comprised of an access port and
an encapsulation value, which is used to identify the type of traffic (untagged, single-tagged, or double-
tagged) to map to the associated service.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-19
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
• When a SAP is deleted, all configuration parameters for the SAP are also deleted.
• A SAP is owned by and associated with the service that was specified at the time the SAP was created.
• Multiple SAPs with different service types, such as a VXLAN or a Shortest Path Bridging (SPB)
service, are allowed on the same service access port. For example, the following show service access
command output shows two SAPs for port 2/1/30: one SAP bound to a VXLAN service and the other
SAP bound to an SPB service:
-> show service acc port 2/1/30 sap
Legend: * denotes a dynamic object
Vlan
Identifier Adm Oper Stats T:P ServiceId Isid/Vnid Xlation Sap Description
-------------+----+----+-----+----+-----------+---------+-------+---------------
sap:2/1/30A:0 Down Down N Y:x 20 1500 N -
sap:2/1/30A:5 Up Down N Y:x 10 23000 N -
Total SAPs: 2
• If a port is administratively shutdown, all SAPs on that port become operationally out of service.
• Both fixed ports and link aggregates are configurable as access ports. Only access ports are associated
with SAPs.
• Bridging functionality is not supported on access ports or link aggregates.
• Configuring multiple SAPs on an access port that map different VLAN tags to the same service can
cause a MAC move when the same MAC address ingresses the access port with different VLAN tags.
For example, a MAC has two flows tagged with VLAN 10 and VLAN 20 that ingress access port 1/1
and both flows are mapped to service 100.
-> service 100 sap port 1/1:10
-> service 100 sap port 1/1:20
To avoid the MAC move in this scenario, use one of the following alternative SAP configurations.
Configure the SAPs with different services:
-> service 100 sap port 1/1:10
-> service 200 sap port 1/1:20
Configure a default SAP to classify both flows into the same service:
-> service 100 sap port 1/1:all
See “Creating the Service Access Point” on page 3-23 for more information.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-20
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
In the link aggregate example, an optional description parameter is used to add information to the access
port. This parameter is available at the time the port is configured as an access port or to change or remove
a description from an existing access port. For example, the following command removes the description
from link aggregate 100:
-> service access linkagg 100 no description "Server Access Port"
After the description is removed, link aggregate 100 continues to operate as a service access port. To
revert an access port back to a regular switch port or link aggregate, use the no form of the service access
command. For example:
-> no service access port 1/2
-> no service access linkagg 100
To disable VLAN translation on an access port, use the service access vlan-xlation command with the
disable option. For example:
-> service access port 1/3 vlan-xlation disable
-> service access linkagg 10 vlan-xlation disable
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-21
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
Protocol Default
STP tunnel
802.1x drop
802.1ab drop
802.3ad peer
GVRP tunnel
MVRP tunnel
AMAP discard
If the default profile values are not sufficient, use the service l2profile command with the tunnel,
discard, and peer options to create a new profile. For example, the following command creates a profile
named “DropL2”:
-> service l2profile DropL2 stp discard gvrp discard 802.1ab discard
• When a profile is created, the new profile inherits the default profile settings for processing control
frames. The default settings are applied with the new profile unless they are explicitly changed. For
example, the profile “DropL2” was configured to discard STP, GVRP, and 802.1ab frames. No other
protocol settings were changed, so the default settings still apply for the other protocols.
• Remove any profile associations with access ports before attempting to modify or delete the profile.
To delete a Layer 2 profile, use the no form of the service l2profile command. For example, the following
command deletes the “DropL2” profile:
-> no service l2profile DropL2
Use the show service l2profile command to view a list of profiles that are already configured for the
switch. This command also displays the attribute values for each profile.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-22
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
The service access l2profile command is used to assign a new profile to an access port. For example, the
following command assigns the “DropL2” profile to access port 1/4:
-> service access port 1/4 l2profile DropL2
-> service access linkagg 5 l2profile DropL2
To change the profile associated with the access port back to the default profile (def-access-profile), use
the default option with the service access l2profile command. For example:
-> service access port 1/4 l2profile default
-> service access linkagg 5 l2profile DropL2
Use the show service access command to display profile associations for access ports.
*Note that the :all (wildcard) parameter is also configurable as the inner tag value for double-tagged
frames (for example, “10:all” specifies double-tagged packets with an outer tag equal to 10 and an
inner tag with any value).
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-23
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
The following service sap command example creates a SAP that will direct ingress traffic on access port
1/4 that is tagged with VLAN ID 50 to service 100:
-> service 100 sap port 1/4:50 description “Server1 VMs to VXLAN100 VLAN 50”
In the above example, the 1/4:50 designation is referred to as the SAP ID or the encapsulation ID. This
means that if no other SAPs are configured for port 1/4, then any ingress traffic on that port is dropped if
the traffic is not tagged with VLAN 50.
In this example,
• Frames double-tagged with 100 (outer tag) and 200 (inner tag) are sent on service 1000.
• All other frames (those that are not single-tagged with 100 or double-tagged with 100 and 200) are sent
on service 2000.
The following SAP ID classification precedence is applied when there are multiple SAPs for one access
port:
1 Double-tagged (Outer VLAN + Inner VLAN) - Highest
3 Single-tagged (VLAN)
4 Single-tagged (wildcard)
5 Untagged - Lowest.
In this example, any ingress traffic on access ports 1/11 through 1/20 that is tagged with a VLAN ID in the
range of 21 through 30 is classified into the VXLAN SAP. The following command provides an example
of specifying a range of link aggregate access ports:
-> service 20 sap linkagg 1-10:100 un-trusted description “Untrusted SAPs for
lag 1-10 with tag 100"
When specifying a range of VLAN IDs with this command on an OmniSwitch 6900-Q32, consider the
following guidelines:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-24
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
• Each service access port supports a maximum of 8 SAPs that are created with a range of VLANs.
• A total of 255 service access ports can support a range of VLANs at any given time.
• The range of VLANs specified for the SAPs of a service access port cannot overlap each other.
• For double-tagged SAPs, separate range commands can be specified for both outer and inner VLAN
tags.
• The outer VLAN range space is shared with the same space as QTAG SAP. The combined limit is 8
unique ranges per service access port. This is in addition the 8 unique inner VLAN range per service
access port.
Refer to the OmniSwitch AOS Release 8 CLI Reference Guide for more information about the command
parameters.
When a SAP is trusted, the priority value contained in tagged device packets is used; untagged packets are
assigned the default priority value (zero). When a SAP is untrusted, the priority value configured for the
SAP is assigned to both tagged and untagged customer packets.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-25
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
Sap Trusted:Priority/
Identifier Adm Oper Stats Sdp FarEnd Addr Intf Description
----------------+----+----+-----+---------------------+--------+-------------------
sap:1/3:0 Up Up N Y:x 1/20 -
sap:1/3:10 Up Up N Y:x 1/20 -
sdp:32770:1* Up Up Y 10.10.10.2 1/1/1 PIM Group 224.2.1.1
sdp:32771:1* Up Up Y 10.10.10.3 1/1/2 PIM Group 224.2.1.1
sdp:32772:1* Up Up Y 10.10.10.4 1/1/1 PIM Group 224.2.1.1
Total Ports: 5
To view the configuration information for a specific VXLAN network identifier, use the show service
ports command with the vnid parameter option. For example:
-> show service vnid 1000 ports
Legend: (*) dyn unicast object
VxLAN Service 1 Info
Admin : Up, Oper : Up, Stats : Y, VlanXlation : Y,
VNID : 1000 (0.1.56), MCast-Mode : Tandem, MCast-Group : 224.2.1.1
Sap Trusted:Priority/
Identifier Adm Oper Stats Sdp FarEnd/Group Addr Intf Description
----------------+----+----+-----+---------------------+--------+-------------------
sap:1/3:0 Up Up N Y:x 1/20 -
sap:1/3:10 Up Up N Y:x 1/20 -
sdp:10:1 Up Up Y 224.2.1.1 - PIM Group 224.2.1.1
sdp:32770:1* Up Up Y 10.10.10.2 1/1/1 PIM Group 224.2.1.1
sdp:32771:1* Up Up Y 10.10.10.3 1/1/2 PIM Group 224.2.1.1
sdp:32772:1* Up Up Y 10.10.10.4 1/1/1 PIM Group 224.2.1.1
Total Ports: 5
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-26
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
In this example, the far-end option is used to specify a single destination unicast IP address that identifies
a far-end VTEP node to which the SDP will tunnel traffic. This IP address is the Loopback0 interface
address configured on every switch that serves as a VTEP.
In the following example, a multicast SDP is configured by using the multicast-group parameter option:
-> service sdp 10 vxlan multicast-group 224.2.1.1 ttl 20 description "PIM Group
224.2.1.1"
This example command specifies the multicast group address to which all broadcast, unknown unicast,
and multicast (BUM) traffic is sent. All VTEP nodes that subscribe to the same multicast group through
this type of SDP will receive the same traffic. Note that the ttl parameter value specified with this
command is included in the IP header of the VXLAN encapsulation header.
Enabling/Disabling an SDP
By default, an SDP is enabled at the time the SDP is created. To disable the SDP administrative status, use
the service sdp vxlan command with the admin-state parameter option. For example:
-> service sdp 10 admin-state disable
-> service sdp 20 admin-state disable
Deleting an SDP
When an SDP is administratively disabled, the SDP configuration is not removed from the switch. To
delete an SDP from the switch configuration, use the no form of the service sdp vxlan command. For
example:
-> no service sdp 10
-> no service sdp 20
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-27
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
Use the far-end and multicast-group parameter options with the show service sdp vxlan command to
display only VXLAN SDPs associated with a specific far-end IP address or a specific multicast group IP
address. For example:
Total SDPs: 1
Total SDPs: 1
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-28
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
In these two examples, the switch will tunnel all traffic classified into the SAP associated with VXLAN
service 1 through SDP 10 and will tunnel all traffic classified into the SAP associated with VXLAN
service 2 through SDP 20.
To bind a range of services to a single SDP ID, use the service bind-sdp command with a hyphen to
specify a range of services. For example:
-> service 1-100 bind-sdp 10 description "Binds Services 1-100 to PIM Group
225.2.1.1"
To bind a service to multiple SDP IDs, use the service bind-sdp command with a space between each
service ID. For example:
-> service 3 bind-sdp 30 40 50 60 70 80 90 description “Binds Service 3 to
multiple SDP IDs”
When an SDP binding is created, the binding is automatically enabled. There is no method for configuring
the administrative status for this type of service object.
Total Bind-SDPs: 8
Use the vnid parameter option with the show service bind-sdp command to view only those bindings for
a specific VXLAN Network ID. For example:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-29
Configuring a VXLAN Gateway Configuring a VXLAN Gateway
Total Bind-SDPs: 4
To set the UDP port number back to the default value of 4789, use the service vxlan udp-port command
with the default parameter option. For example:
-> service vxlan udp-port default
Use the show service info command to display the current value of the VXLAN UDP port number.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-30
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
Switch A
SAP 1/1/3:10 Edge Router
(10.10.10.1) SAP 1/1/3:all
SAP 1/1/4:20 Switch D: Edge Router
(10.10.10.4)
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-31
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
• Service 1 is associated with VXLAN Network ID (VNI) 1000 and is bound to the SDP 10 tunnel
interface, which participates in PIM group 224.2.1.1.
• Service 2 is associated with VNI 2000 and is bound to the SDP 20 tunnel interface, which is
configured with a far-end IP address to carry unicast traffic.
• Service 3 is associated with VNI 3000 and is bound to the SDP 30 tunnel interface, which is also
configured with a far-end IP address to carry unicast traffic.
The following CLI command examples are used to configure the sample VXLAN overlay network shown
in “Sample VXLAN Configuration with Static Routes” on page 3-31:
Routing Configuration
The following commands are used to set up the underlying routing framework (Switch A setup is used for
this example):
Standard VLANS
-> vlan 100 admin-state enable
-> vlan 100 members port 1/1/1 untagged
-> vlan 101 admin-state enable
-> vlan 101 members port 1/1/2 untagged
IP interfaces (including Loopback0 to provide the source IP address for the gateway)
-> ip interface “Loopback0” address 10.0.0.1
-> ip interface “v4lan100” address 10.100.0.1/16 vlan 100
-> ip interface “v4lan101” address 10.101.0.1/16 vlan 101
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-32
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
SDPs
-> service sdp 10 vxlan multicast-group 224.2.1.1 ttl 10 description "PIM Group
224.2.1.1"
-> service sdp 20 vxlan far-end 10.10.10.2 description "To Switch B"
-> service sdp 30 vxlan far-end 10.10.10.3 description "To Switch C"
VXLAN Services
-> service 1 vxlan vnid 1000 multicast-mode tandem stats enable description "VXLAN
Service for VNID 1000"
-> service 2 vxlan vnid 2000 multicast-mode head-end description "VXLAN Service for
VNID 2000"
-> service 3 vxlan vnid 3000 multicast-mode head-end description "VXLAN Service for
VNID 3000"
SAPs
-> service 1 sap port 1/1/3:10 stats enable
-> service 2 sap port 1/1/4:20 stats enable
-> service 3 sap port 1/1/5:30 stats enable
SDP Bindings
service 1 bind-sdp 10
service 2 bind-sdp 20
service 3 bind-sdp 30
Switch B:
Service Access Ports
-> service access port 1/1/4
SDPs
-> service sdp 20 vxlan far-end 10.10.10.1 description "To Switch A"
VXLAN Services
-> service 2 vxlan vnid 2000 multicast-mode head-end description "VXLAN Service for
VNID 2000"
SAPs
-> service 2 sap port 1/1/4:20 stats enable
SDP Bindings
-> service 2 bind-sdp 20
Switch C:
Service Access Ports
service access port 1/1/3
service access port 1/1/5
SDPs
-> service sdp 10 vxlan multicast-group 224.2.1.1 ttl 10 description "PIM Group
224.2.1.1"
-> service sdp 30 vxlan far-end 10.10.10.1 description "To Switch A"
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-33
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
VXLAN Services
-> service 1 vxlan vnid 1000 multicast-mode tandem description "VXLAN Service for
VNID 1000"
-> service 3 vxlan vnid 3000 multicast-mode head-end description "VXLAN Service for
VNID 3000"
SAPs
-> service 1 sap port 1/1/3:10
-> service 3 sap port 1/1/5:30
SDP Bindings
-> service 1 bind-sdp 10
-> service 3 bind-sdp 30
Switch D:
Service Access Ports
-> service access port 1/1/3
SDPs
-> service sdp 10 vxlan multicast-group 224.2.1.1 ttl 10 description "PIM Group
224.2.1.1"
VXLAN Services
-> service 1 vxlan vnid 1000 multicast-mode tandem description "VXLAN Service for
VNID 1000"
SAPs
-> service 1 sap port 1/1/3:all
SDP Bindings
-> service 1 bind-sdp 10
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-34
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
DC-CORE-01
OmniSwitch_VC
Virt-Manager NFS
KVM (bridge) KVM (OpenVswitch + VTEP) KVM (bridge)
DC-SERVER-121 DC-SERVER-175 DC-SERVER-185
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-35
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
• The underlying network between the core switches is a point-to-point OSPF with ECMP and a range of
192.168.0.0/16. The use of OSPF with ECMP is specific to this example.
• VXLAN Snooping is configured on the core switches to detect and learn VXLAN traffic.
• Currently one Tenant Network (172.16.0.0/16) is configured. This network is referred to as the “tenant
red_subnet”.
• Virtual Machines (VMs) in the “tenant red_subnet” can communicate with each other through the
VXLAN tunnels formed between the two OmniSwitch VXLAN gateway switches (DC-EDGE-106 and
DC-EDGE-107) and the KVM VXLAN gateway server (DC-SERVER-175).
• VMs in the “tenant red_subnet” can also migrate from one server to another through the provided
VXLAN tunnel.
user@DC-SERVER-175:~$ uname -a
Linux DC-SERVER-175 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Id Name State
----------------------------------------------------
4 red_vm_10 running
5 red_vm_11 running
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-36
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
Port mybridge
Interface mybridge
type: internal
Bridge blue_subnet
Port blue_subnet
Interface blue_subnet
type: internal
Bridge red_subnet
Port "vnet0"
Interface "vnet0"
Port "virbr1"
Interface "virbr1"
Port "vx2"
Interface "vx2"
type: vxlan
options: {dst_port="4789", key="5", remote_ip="100.0.0.106"}
Port red_subnet
Interface red_subnet
type: internal
Port "vnet1"
Interface "vnet1"
Port "vx107"
Interface "vx107"
type: vxlan
options: {dst_port="4789", key="5", remote_ip="100.0.0.107"}
Port "virbr0"
Interface "virbr0"
ovs_version: "2.0.2"
user@DC-SERVER-175:~$
user@DC-SERVER-175:~$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/dc--server2--vg-root 472044848 2770872 445272440 1% /
none 4 0 4 0% /sys/fs/cgroup
udev 4073816 4 4073812 1% /dev
tmpfs 823608 820 822788 1% /run
none 5120 0 5120 0% /run/lock
none 4118024 0 4118024 0% /run/shm
none 102400 0 102400 0% /run/user
/dev/sda1 240972 37050 191481 17% /boot
192.168.25.123:/export/users 94558208 25460736 64271360 29% /var/lib/
libvirt/images/DC-VM-NFS
user@DC-SERVER-175:~$
user@DC-SERVER-175:~$
user@DC-SERVER-175:~$ ifconfig
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-37
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-38
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
user@DC-SERVER-175:~$
The other alternative is to downgrade to an earlier version of OpenVswitch and use a bridge-compatibility
module. The following link provides information about creating bridges and tunnels:
http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/
OmniSwitch Configuration
DC-EDGE-106-> show configuration snapshot svcmgr
! SVCMGR:
service access port 1/1/17A
service access port 1/1/17C
service access port 1/1/18A
service access port 1/1/19B
service sdp 106 vxlan multicast-group 239.0.0.0
service sdp 175 vxlan far-end 192.168.17.5 description "kvm_175"
service sdp 185 vxlan far-end 100.0.0.107 description "AOS_DC_EDGE_107"
service 5 vxlan vnid 5 multicast-mode head-end vlan-xlation enable
service 10 vxlan vnid 10 multicast-mode tandem
service 5 sap port 1/1/17A:0
service 5 sap port 1/1/19B:0
service 10 sap port 1/1/17A:10
service 5 bind-sdp 175 185
service 10 bind-sdp 106
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-39
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
Total Ports: 4
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-40
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-41
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
Switch B (VTEP 2)
10.10.10.2, VLAN 100
Service 1- VNI 1000
(Bound to SDP 10 and SAP 1/1/3:10
to SDP 20) 1/1/2
Switch A (VTEP 1)
10.10.10.1, VLAN 100
SAP 1/1/5:10 1/1/3
1/1/4
Switch C (VTEP 3)
10.10.10.3, VLAN 100
1/1/5
SAP 1/1/6:10
• Switch A is directly connected to Switch B and Switch C through the same VLAN; there is no transit
switch between these connections.
• Service 1 is associated with VXLAN Network ID (VNI) 1000 and is bound to the SDP 10 and SDP 20
tunnel interfaces, which are configured with a far-end IP address to carry unicast traffic.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-42
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
CLI Configuration
The following CLI command examples are used to configure the sample VXLAN overlay network shown
in “Sample VXLAN Configuration with no Routing Framework” on page 3-42:
Switch A:
Standard VLAN and Port Assignment
-> vlan 100 admin-state enable
-> vlan 100 members port 1/1/3 untagged
-> vlan 100 members port 1/1/4 untagged
SDPs
-> service sdp 10 vxlan far-end 10.10.10.2 description "To Switch B"
-> service sdp 20 vxlan far-end 10.10.10.3 description "To Switch C"
VXLAN Services
-> service 1 vxlan vnid 1000 multicast-mode head-end description "VXLAN Service for
VNID 1000"
SAPs
-> service 1 sap port 1/1/5:10 stats enable
SDP Bindings
-> service 1 bind-sdp 10 20
Switch B:
Standard VLAN and Port Assignment
-> vlan 100 admin-state enable
-> vlan 100 members port 1/1/2 untagged
SDPs
-> service sdp 10 vxlan far-end 10.10.10.1 description "To Switch A"
VXLAN Services
-> service 1 vxlan vnid 1000 multicast-mode head-end description "VXLAN Service for
VNID 1000"
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-43
Configuring a VXLAN Gateway VXLAN Gateway Configuration Examples
SAPs
-> service 1 sap port 1/1/3:10
SDP Bindings
-> service 1 bind-sdp 10
Switch C:
Standard VLAN and Port Assignment
-> vlan 100 admin-state enable
-> vlan 100 members port 1/1/5 untagged
SDPs
-> service sdp 20 vxlan far-end 10.10.10.1 description "To Switch A"
VXLAN Services
-> service 1 vxlan vnid 1000 multicast-mode head-end description "VXLAN Service for
VNID 1000"
SAPs
-> service 1 sap port 1/1/6:10
SDP Bindings
-> service 1 bind-sdp 20
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-44
Configuring a VXLAN Gateway Verifying the VXLAN Configuration
For more information about the resulting displays from these commands, see the OmniSwitch AOS
Release 8 CLI Reference Guide.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 3-45
4 Configuring VXLAN
Snooping
The OmniSwitch Virtual eXtensible LAN (VXLAN) Snooping feature attempts to detect and identify
VXLAN traffic by sampling packets to determine if they are VXLAN encapsulated packets. Once this
type of traffic is identified, VXLAN Snooping collects and stores information about the flow in a database
on the local switch. Additional configurable options for this feature include the ability to apply QoS policy
list rules to the identified flow and SNMP trap generation.
In data centers that are using the VXLAN overlay technology, servers running VXLAN look like
individual machines talking IP with other machines. Network devices do not have any visibility into the
overlay network, which can lead to the following:
• Difficulty analyzing errors and cross correlating device and network location.
• The network can only act on the QoS of the external packet, not on the encapsulated Ethernet frame
within the packet. For example, the QoS markings of the inner frame have to be trusted and there is no
way to differentiate between VXLAN Network IDs (VNIs) and individual devices, such as Virtual
Machines (VMs).
The OmniSwitch implementation of VXLAN Snooping makes use of the well-known VXLAN
encapsulation format to identify, analyze, and optionally apply QoS policies to VXLAN packets based on
a VNI and the inner frame fields. Information obtained from this process is stored and used to track the
VMs and VNIs discovered in the network.
Some of the key benefits of using VXLAN Snooping include the following:
• Functionality is enabled or disabled on a per-port basis.
• A database of discovered devices and their respective VNIs along with statistics.
• Two filtering modes for policy lookup to accommodate granularity and scalability of switch resources.
• SNMP trap generation for VXLAN packet flow learning, aging out, and resource limits.
• Can be used on UNP ports for dynamic assignment and applying QoS policy lists.
Note. Throughout this chapter, the terms “VXLAN Snooping” and “VM Snooping” are interchangeable.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-1
Configuring VXLAN Snooping In This Chapter
In This Chapter
This chapter provides an overview of the VXLAN Snooping feature and describes how to configure the
port-based functionality through the Command Line Interface (CLI). CLI commands are used in the
configuration examples; for more details about the syntax of commands, see the OmniSwitch AOS Release
8 CLI Reference Guide.
The following information and procedures are included in this chapter:
• “VXLAN Snooping Defaults” on page 4-3.
For more information about VXLAN, see Chapter 3, “Configuring a VXLAN Gateway.”
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-2
Configuring VXLAN Snooping VXLAN Snooping Defaults
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-3
Configuring VXLAN Snooping Quick Steps for Configuring VXLAN Snooping
When VXLAN Snooping is globally enabled for the switch, the default values provided in “VXLAN
Snooping Defaults” on page 4-3 are applied.
2 Use the vm-snooping port command to enable VXLAN Snooping functionality on one or more switch
ports or link aggregates:
-> vm-snooping port 1/10-25 admin-state enable
-> vm-snooping linkagg 5-10 admin-state enable
Once VXLAN Snooping is globally enabled for the switch and enabled on ports or link aggregates, the
switch starts to sample packets received on the ports to detect and identify VXLAN packet flows.
3 Optional. Use the vm-snooping trap command to enable trap generation when a VXLAN packet flow
is learned or ages out, system resources reach a user-specified threshold, or a module or port on which
VXLAN flows were learned goes down. For example:
-> vm-snooping trap enable
Note. Optional. Verify the VXLAN Snooping configuration using the show vm-snooping config and show
vm-snooping port commands. For example:
To display VXLAN packet flows already learned on the switch, use the show vm-snooping database
command. For example:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-4
Configuring VXLAN Snooping Quick Steps for Configuring VXLAN Snooping
VXLAN VM VM VM
Port PORT VNI SRC MAC VLAN SRC IP
------+------+--------+-----------------+-----+---------------------------------
1/1/3 4789 2000 00:12:01:00:00:01 - 200.200.200.1
1/1/3 4789 2001 00:12:01:00:00:02 - 200.200.201.1
1/1/3 4789 2002 00:12:01:00:00:03 - 200.200.202.1
1/1/3 4789 2003 00:12:01:00:00:04 - 200.200.203.1
1/1/3 4789 2004 00:12:01:00:00:05 - 200.200.204.1
1/1/3 4789 1234 00:00:04:00:00:00 - 2.0.0.0
1/1/3 4789 1234 00:00:04:00:00:01 - 2.0.0.1
1/1/3 4789 1234 00:00:04:00:00:02 - 2.0.0.2
1/1/3 4789 1234 00:00:04:00:00:03 - 2.0.0.3
1/1/3 4789 1234 00:00:04:00:00:04 - 2.0.0.4
1/2/2 4789 43 00:00:00:88:00:01 8 88.0.0.1
1/2/2 4789 43 00:00:00:88:00:02 8 88.0.0.2
1/2/2 4789 43 00:00:00:88:00:03 8 88.0.0.3
1/2/2 4789 43 00:00:00:88:00:04 8 88.0.0.4
1/2/2 4789 43 00:00:00:88:00:05 8 88.0.0.5
See the OmniSwitch AOS Release 8 CLI Reference Guide for information about the fields in this display.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-5
Configuring VXLAN Snooping VXLAN Snooping Overview
• IP protocol version.
VXLAN Snooping is enabled globally on the switch and on a per-port basis. The overlay network
information needed and where QoS should be enforced determines on which ports this functionality
should be enabled. For example, in a data center topology enable VXLAN Snooping as follows:
• On server-facing ports to learn more detailed information about VMs, such as their network location.
Enabling VXLAN Snooping on a port or link aggregate triggers the sampling of IP packets on that port or
aggregate. The following diagram provides a high-level example of the VXLAN Snooping process:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-6
Configuring VXLAN Snooping VXLAN Snooping Overview
Packet Sampling
1. 4.
Hardware Resources
for QoS
VXLAN Snooping
Port
Figure 4-1 : VXLAN Snooping Overview
1 Packets arrive on a VXLAN Snooping port, which triggers random packet sampling. If VXLAN
Snooping is not enabled on the port, the packet passes through the switch for standard processing.
2 If a VXLAN packet is detected and the packet information is not known to the switch, parameters
identifying the packet are logged into the VXLAN Snooping database on the local switch. An aging timer
is applied to each database entry.
3 QoS policies are checked to see if they match the VXLAN packet.
4 If a VXLAN packet matches a QoS policy rule, hardware resources are allocated for the matching rule
and QoS is applied to the packet flow. If not, the learned VXLAN packet is forwarded on to the intended
destination.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-7
Configuring VXLAN Snooping VXLAN Snooping Overview
• When VXLAN Snooping is operating in the basic policy mode, a VXLAN QoS policy condition can
classify on the following fields:
– VNI (minimum required)
– UDP port
– Inner source MAC address
– Inner source IPv4 address
• When VXLAN Snooping is operating in the advanced policy mode, a VXLAN QoS policy condition
can classify on the following fields:
– VNI (minimum required)
– UDP port
– Inner source MAC address
– Inner IP protocol version
– Inner source IPv6 address or IPv4 address
– Inner destination and/or source port (TCP/UDP ports)
QOS policy rules support policy conditions that are applied to the inner frame of a VXLAN packet. Such
policy conditions are identified through the use of the vxlan keyword. For example, the following rule
contains a VXLAN policy condition:
-> policy condition c1 vxlan vni 1234 udp port 4789
-> policy condition c1 vxlan inner source mac 00:11:22:33:44:00
-> policy condition c1 vxlan inner source ip 10.10.10.10
-> policy action a1 disposition dscp 45
-> policy rule r1 condition c1 action a1
When a VXLAN condition is included in a QoS policy rule, the hardware resources for that rule are not
used until a VXLAN packet flow matches that rule. The advantage to this is that switch resources reserved
for VXLAN Snooping are not used until needed. This conserves the usage of switch resources that were
allocated for this feature.
UNP
The Universal Network Profile (UNP) functionality is also configurable on a VXLAN Snooping port.
When both are enabled on the same port, the following process is triggered:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-8
Configuring VXLAN Snooping VXLAN Snooping Overview
1 UNP attempts to classify the ingress traffic based on the outer VXLAN packet information.
2 If the traffic is assigned to a UNP, the switch then checks if the UNP is associated with a QoS policy
list.
3 If the UNP is associated with a QoS policy list, then that list is applied to the VXLAN packet flow.
4 If there is no matching UNP or the UNP does not use a QoS policy list, the switch checks if there are
any QoS policies associated with the system default policy list that match the VXLAN flow parameters. If
so, the default policy list rules are applied to the flow. If not, then no QoS is applied to the VXLAN packet
flow.
UNP policy list rules take precedence over default policy list rules. The order in which policy rules within
a specific list are applied is based on the precedence value assigned to the rule.
The following is an example configuration for a UNP QoS policy list:
-> policy condition c1 vxlan vni 1234 udp port 4789
-> policy condition c1 vxlan inner source mac 00:11:22:33:44:00
-> policy condition c1 vxlan inner source ip 10.10.10.10
-> policy action a1 disposition dscp 45
-> policy rule r1 condition c1 action a1 no default-list
-> policy list l1 type unp
-> policy list l1 rule r1
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-9
Configuring VXLAN Snooping Interaction With Other Features
General
• IPv4 and IPv6 packets are sampled on VXLAN Snooping ports. The entire packet header is scanned,
but not the payload.
• Fragmented, encrypted, control, or protocol packets (for example, ICMP, LLDP, BPDU) are not
supported.
• VXLAN Snooping is applied after other OmniSwitch features, such as Universal Network Profile
(UNP), Learned Port Security (LPS), QoS, DHCP, SPB, and other protocols.
• VXLAN Snooping is a software-based process that uses fast path processing to perform the random
packet sampling and QoS policy enforcement. Similar to other features that also require this type of
processing, VXLAN Snooping can affect the switch performance and other features can affect the
performance of VXLAN Snooping.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-10
Configuring VXLAN Snooping Interaction With Other Features
QoS
• VXLAN Snooping uses the QoS infrastructure to create and apply policies to VXLAN packet flows.
The following methods are available for applying QoS to VXLAN packet flows:
– Standard QoS policy rules are configurable for VXLAN Snooping ports and/or VXLAN traffic.
These types of rules apply to the outer header information of a VXLAN encapsulated packet.
– Standard QoS policy rules with a VXLAN policy condition. This type of condition contains the
vxlan keyword and applies to the inner header information of an encapsulated Ethernet frame in a
VXLAN packet.
– QoS policy lists applied through vNP profiles. When a device is classified into a vNP profile and
that profile is associated with a list of QoS policy rules, those rules are applied to the device traffic.
• VXLAN Snooping shares QoS system resources with other OmniSwitch applications. As a result,
VXLAN Snooping functionality is subject to the availability of such resources, especially when
Application Fingerprinting is also running on VXLAN Snooping ports.
• VXLAN Snooping policies take precedence over other QoS policies if there is a conflict.
• AFP policies apply to the outer headers of VXLAN packets but take precedence over VXLAN
Snooping policies in regards to resource allocation on the switch.
sFLOW
VXLAN Snooping and the sFLOW feature are not supported on the same port.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-11
Configuring VXLAN Snooping Configuring VXLAN Snooping
Configuration Guidelines
Review the guidelines in this section before attempting to configure and activate OmniSwitch VXLAN
Snooping.
• Globally enable VXLAN Snooping for the switch before attempting any other VXLAN Snooping
command. When enabled, the switch reserves hardware resources for this feature. When disabled,
switch resources are released for other purposes.
• VXLAN Snooping is also enabled or disabled at the port level. When this feature is globally enabled
for the switch, packet sampling is trigged only on ports that have VXLAN Snooping enabled.
• VXLAN Snooping is intended for use on any switch in a network where VXLAN is used. On these
switches, enable VXLAN Snooping on ports that are known to pass VXLAN encapsulated packets.
• VXLAN Snooping shares switch resources with other applications, such as QoS user policies, VLAN
Stacking, Application Fingerprinting, DHCP Snooping, Open Flow, IP multicast, and FIP Snooping.
Depending on which application comes first, the required hardware resources for other applications
may not be available.
• To determine the availability of switch hardware resources and the amount of resources used by
VXLAN Snooping policies, use the show vm-snooping filtering-resource command. For example:
-> show vm-snooping filtering-resource
Total Filtering Resources :256,
Chassis/Slot Filtering Resources Used
--------------+----------------------------
1/SLOT-1 0
2/SLOT-1 0
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-12
Configuring VXLAN Snooping Configuring VXLAN Snooping
• When QoS policies with VXLAN conditions are configured on the switch, the policy rules are not
programmed into the hardware until a VXLAN packet flow matches the rule. However, if a VXLAN
Snooping static policy rule is configured, the rule is programmed into the hardware at the time the rule
is created.
• The order in which VXLAN policy rules are programmed into the hardware is based on the order in
which the rules were configured. As a result, hardware resources are allocated on a first come, first
served basis. To change this, configure VXLAN policy rules with a precedence value. Rules with a
higher precedence are allocated resources first, regardless of what order in which the rules were
configured.
• To use a QoS policy rule to classify a VXLAN encapsulated packet based on information specific to
the packet contents, make sure the rule contains a vxlan condition. For example:
-> policy condition c1 vxlan vni 1234 udp port 4789
-> policy condition c1 vxlan inner source mac 00:11:22:33:44:00
-> policy condition c1 vxlan inner source ip 10.10.10.10
-> policy action a1 dscp 45
-> policy rule r1 condition c1 action a1 no default-list
• Use the policy condition vxlan command to configure a specific policy condition for VXLAN
packets. The following condition parameters are supported with this command:
vni
inner source mac
inner source mac-group
inner source ip
inner source ipv6
inner ip-protocol
inner l4-port
inner vxlan-port
• The vni condition parameter is required when configuring a VXLAN Snooping policy condition. The
VXLAN header contains the VXLAN Network Identifier (VNI) that is associated with the source
MAC address of the Ethernet frame that is encapsulated in a VXLAN packet. The VNI represents the
VXLAN segment ID to which the packet belongs.
When globally enabled, the VXLAN Snooping process is triggered only on VXLAN Snooping ports and
link aggregates. To disable the VXLAN Snooping functionality, use the vm-snooping admin-state
command with the disable option. For example:
-> vm-snooping admin-state disable
IP packets are not sampled on VXLAN Snooping ports if the feature is globally disabled for the switch.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-13
Configuring VXLAN Snooping Configuring VXLAN Snooping
After making the change, globally enable the VXLAN Snooping feature for the switch. For example, the
following commands disable VXLAN Snooping, change the policy mode, and then enable VXLAN
Snooping:
-> vm-snooping admin-state disable
-> vm-snooping policy-mode advance policy-resource extended
-> vm-snooping admin-state enable
The following parameters are used with the vm-snooping policy-mode command to tailor the switch
resources that are reserved for VXLAN Snooping policy conditions:
For IPv6 packets, reserves resources for VNI, VXLAN UDP port,
inner source IPv6 address, Layer 4 source and destination port for
policy conditions.
inner-header Specifies whether the header of the inner Ethernet frame of the
{tagged | untagged | default} encapsulated packet is tagged or untagged.
policy-resource {extended | Doubles the amount of switch resources, if available, that are
default} reserved for VXLAN Snooping policies.
For example, the following command reserves room for approximately 1024 policy entries that match
only inner tagged packets:
-> vm-snooping policy-mode basic policy-resource extended inner-header tagged
The following command example reserves room for approximately 256 policy entries that match inner
tagged packets and 256 policy entries that match inner untagged packets:
-> vm-snooping policy-mode basic policy-resource default inner-header default
Note. When the VXLAN Snooping policy mode is changed, the QoS entries and the VXLAN Snooping
database are flushed.
To determine which VXLAN Snooping policy mode is active for the switch, use the show vm-snooping
config command.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-14
Configuring VXLAN Snooping Configuring VXLAN Snooping
In this example, “r1” contains a VXLAN policy condition. If this rule was not configured as a static policy
rule, the switch would wait until the rule is applied to a VXLAN packet flow before allocating switch
resources reserved for VXLAN Snooping. However, in this case, switch resources are allocated at the time
the rule is created, even if there is no packet flow to which the rule is applied.
If the specified rule belongs to a QoS policy list other than the default policy list, then the list name is
required when creating the rule. For example:
-> vm-snooping static-policy rule r2 list l2
In this example, because “r1” is assigned to the “l2” list, the list name is specified with the command. If
“r1” was assigned to the system default QoS policy list, then the list name is not required.
To remove a VXLAN Snooping static policy, use the no form of the vm-snooping static-policy rule
command. For example:
-> no vm-snooping static-policy rule r1
-> no vm-snooping static-policy rule r2 list l2
When the static policy rule is removed, the reserved switch resources that were allocated when the rule
was created are made available for VXLAN Snooping operations.
For more information about QoS policy lists, see the “Configuring QoS” chapter in the OmniSwitch AOS
Release 8 Network Configuration Guide.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-15
Configuring VXLAN Snooping Configuring VXLAN Snooping
To set the threshold back to the default value, use the vm-snooping filtering-resource trap threshold
command with the default parameter. For example:
-> vm-snooping filtering-resource trap threshold default
The specified sampling rate value is applied to all ports configured as VXLAN Snooping ports.
To prevent the database entries from aging out, set the time to zero. For example,
-> vm-snooping aging-timer 0
When a UDP port is added, it does not replace the default 4789 port number. In this example where port
8472 was added, the VXLAN Snooping process will look for both 4789 and 8472 port numbers during the
inspection process.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-16
Configuring VXLAN Snooping Configuring VXLAN Snooping
To remove a UDP port number from the list, use the no form of the vm-snooping vxlan udp-port
command. For example:
-> no vm-snooping vxlan udp-port 8472
• Including the default UDP port number (4789), up to eight UDP ports are allowed. However,
configuring multiple UDP ports may slow down the VXLAN Snooping process.
• Changing the UDP port number on the fly might stop the VXLAN traffic until the VXLAN Tunnel
End Points (VTEPs) in the network are configured with the same destination UDP port.
To administratively disable packet sampling on the port, use the vm-snooping port command with the
admin-state disable option. For example:
-> vm-snooping port 2/1/10 admin-state disable
-> vm-snooping linkagg 5 admin-state disable
In this example, packet sampling is stopped but the port and link aggregate are still configured as a
VXLAN Snooping port.
Use the no form of the vm-snooping port command to revert the VXLAN Snooping port back to a
regular switch port or link aggregate. For example:
-> no vm-snooping port 2/1/10
-> no vm-snooping linkagg 5
If VXLAN Snooping is globally disabled for the switch, then none of the VXLAN Snooping ports will
sample packets even if the snooping process is administratively enabled on a VXLAN Snooping port or
link aggregate.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-17
Configuring VXLAN Snooping Configuring VXLAN Snooping
When the number of records logged to the .csv files exceeds the logging threshold value, the
corresponding files are renamed to /flash/switch/bridge/vm_snoop/vm_snoop_db_flow_old_rec.csv and
to /flash/switch/bridge/vm_snoop_hw_stats_old_rec.csv.
To set this value back to the default (5000 entries), use the vm-snooping logging-threshold command
with the default option. For example:
-> vm-snooping logging-threshold number-of-flows default
To turn off logging database entries to the .csv files, set the threshold value to zero. For example,
-> vm-snooping logging-threshold number-of-flows 0
Note that turning off the logging function does not stop the VXLAN Snooping process from learning
VXLAN packet flows and entering the flow information into a database. The .csv files are used to
maintain a packet flow history and are accessed by Alcatel-Lucent Enterprise network management tools
to provide management and visibility for the overlay network traffic.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-18
Configuring VXLAN Snooping VXLAN Snooping Configuration Example
VM VM VM VM VM VM
Gold - VNI 12000
Server Server Server
In this example, a Server VTEP (VXLAN Gateway) segments traffic into the following VXLAN Network
IDs (VNIs):
• Traffic from the Bronze network is assigned to VNI 12002.
The Server VTEP encapsulates frames from these networks to associate them with their respective VNIs
and tunnel the encapsulated packets over the network to other designated VTEPs. VXLAN Snooping is
running on OmniSwitch1 and OmniSwitch2 where the VXLAN packets are sampled and QoS is applied
through Universal Network Profile (UNP) policy lists.
The following CLI configuration provides a sample of the commands used to configure the VXLAN
Snooping functionality on OmniSwitch1 and OmniSwitch2. For more information about how to configure
an OmniSwitch as a VTEP, see Chapter 3, “Configuring a VXLAN Gateway.”
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-19
Configuring VXLAN Snooping VXLAN Snooping Configuration Example
1 Configure the QoS policy and lists that will apply the tenant-based QoS:
2 Create a UNP and associate the profile with the QoS policy list created in Step 1:
3 Enable the UNP functionality on the OmniSwitch1 and OmniSwitch2 ports that will sample VXLAN
packets:
-> unp port 1/1/9 enable
-> unp port 1/1/7 enable
-> unp port 1/1/8 enable
4 Create a UNP classification rule that will classify the VXLAN packets into the UNP created in Step 2:
6 Enable VXLAN Snooping on OmniSwitch1 and OmniSwitch2 ports that will sample packets:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-20
Configuring VXLAN Snooping Verifying the VXLAN Snooping Configuration
show vm-snooping config Displays the global VXLAN Snooping configuration and status for the
switch.
show vm-snooping port Displays the VXLAN Snooping port configuration for the switch.
show vm-snooping database The contents of the VXLAN Snooping database. Entries include
information about the learned VXLAN packet flows. To clear entries
from the database, use the clear vm-snooping database command.
show vm-snooping virtual- Displays information about devices, such as Virtual Machines,
machines discovered during the VXLAN Snooping process.
show vm-snooping filtering- Displays the amount of switch resources available for and used by
resource VXLAN policy rules.
show vm-snooping statistics Displays statistics for each VXLAN packet flow on a VXLAN
Snooping port or link aggregate. To reset the statistics counters to zero,
use the clear vm-snooping statistics command.
show vm-snooping static-policy Displays the static QoS policy rule configuration for VXLAN Snooping.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 4-21
5 Configuring FIP Snooping
The OmniSwitch implementation of Fibre Channel over Ethernet (FCoE) Initiation Protocol (FIP)
snooping supports the FCoE technology used to tunnel Fibre Channel frames encapsulated within Ethernet
MAC frames.When FIP snooping functionality is configured and enabled, the OmniSwitch serves as an
FCoE transit switch. In this role, the OmniSwitch implementation of Data Center Bridging (DCB) is also
used to provide the lossless Ethernet network required to support FCoE.
This implementation of FIP Snooping ensures the security of an FCoE network and maintains a virtual
point-to-point network connection between FCoE Nodes (ENodes) and FCoE Forwarder (FCF) devices.
An FCoE OmniSwitch is placed between ENodes (FCoE-capable servers) and an FCF to extend the reach
of the FCoE network without extending the physical Fibre Channel (FC) connections.
In This Chapter
This chapter describes FCoE and FIP in general and how FIP snooping VLAN and port configurations are
applied to the switch. It provides information about configuring FIP snooping through the Command Line
Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax
of commands, see the OmniSwitch AOS Release 8 CLI Reference Guide.
The following topics and procedures are included in this chapter:
• “FIP Snooping Defaults” on page 5-2.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-1
Configuring FIP Snooping FIP Snooping Defaults
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-2
Configuring FIP Snooping Terms and Definitions
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-3
Configuring FIP Snooping FIP Snooping Overview
Note. The OmniSwitch can participate in an FCoE network as an FCoE transit switch or as an FCoE
Forwarder. See Chapter 6, “Configuring an FCoE/FC Gateway,” for more information about using the
OmniSwitch as an FCoE Forwarder.
As an FCoE transit switch, the OmniSwitch will sit in between ENodes and an FCF or OmniSwitch FCoE/
FC gateway as part of a multi-hop FCoE network, as shown in Figure 1 on page 5-5. In this role, the
OmniSwitch is a pass-through switch that is transparent to the ENode and FCF endpoints.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-4
Configuring FIP Snooping FIP Snooping Overview
VF_Port VF_Port
DCB DCB
Port Port
Virtual FC Links
Physical 10G Ethernet Links
Physical Fibre Channel Links
The virtual FC links between ENode VN_Ports and FCF VF_Ports are discovered, created, and
maintained by the FCoE Initialization Protocol (FIP). Based on FIP requests and responses traversing
these links, the transit OmniSwitch will dynamically create ACLs to filter the FIP traffic received on the
switch FCoE ports connected to FCoE devices. These ACLs perform the FIP snooping function that
protects the FCoE network from unauthorized access and data transmission through the transit switch.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-5
Configuring FIP Snooping FIP Snooping Overview
FIP Login
When an ENode selects an FCF, the ENode sends a fabric login (FLOGI) request to the FCF. The FCF
acknowledges the request and, depending on the MAC addressing mode used, the FCF sends the ENode a
locally unique MAC address to use for FCoE encapsulation.
There are two MAC addressing modes that ENodes and FCFs can use to provide a locally unique MAC
address for FCoE operations: fabric-provided MAC address (FPMA) mode or server-provided MAC
address (SPMA) mode. The OmniSwitch supports both FPMA and SPMA modes.
• When the FPMA mode is in use by the ENode, the MAC address assigned to the ENode VN_Port is a
48-bit address, which consists of the 24-bit FCoE mapped address prefix (FC-MAP) combined with a
24-bit FC identifier (FCID). The FC-MAP is a configurable value on OmniSwitch FCoE VLANs. In
this mode, the ENode can have different VN_Ports, each with their own unique MAC address.
• When the SPMA mode is in use by the ENode, the server provides the MAC address to the FCF, which
then determines if the SPMA is an address approved for FCoE access.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-6
Configuring FIP Snooping FIP Snooping Overview
The ENode and the FCF must use the same addressing mode to establish virtual links between the ENode
and FCF. Note that the ENode continues to use the globally unique ENode MAC address (CNA MAC) for
FIP control operations; the FPMA or SPMA is used for FCoE frame transactions.
A successful ENode fabric login establishes a new virtual link between the ENode VN_Port and FCF
VF_Port. FCoE servers attached to an Ethernet network can access storage devices in the FC SAN by
exchanging FCoE frames (encapsulated FC payloads) over the virtual link.
• If a frame matches multiple FCoE ACL entries programmed in the hardware, the first matching ACL
entry in the hardware is applied to the frame.
When FIP snooping is globally enabled for the transit OmniSwitch, the switch will deny traffic from any
ENode on any FCoE VLAN until the ENode successfully logs on to the FC fabric.
• ENode-only port—a link between FCoE transit switches that carries traffic from ENode to FCF but
not the reverse.
• FCF-only port—a link between FCoE transit switches that carries traffic from FCF to ENode but not
the reverse.
• Mixed port—a link between FCoE transit switches that carries traffic in both directions (from FCF to
ENode or from ENode to FCF).
• Trusted port—the FCoE port is trusted; traffic on this port is not filtered by FIP ACLs. This port role
type is typically assigned to the switch FCoE port that connects to an Ethernet port on the FCF.
The port role assigned depends on where the port resides within the FCoE transit switch path and the
source of the traffic (ENode, FCF, or both) the port will receive. Although FCoE ports can pass
bidirectional FCoE traffic, the dynamic ACL configuration is based on the ingress traffic.
The remaining subsections provide an example of port role locations within the network and the ACL
functionality applied for the given port role.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-7
Configuring FIP Snooping FIP Snooping Overview
Edge Port
The following diagram shows an example of where an FCoE edge port is placed in the FCoE network
topology:
Edge Port
• Prevent transmission of FCoE frames from ENodes prior to fabric login (FLOGI).
• Ensure that after fabric login (FLOGI) the ENode only uses FCoE source MAC addresses assigned by
the FCF.
• Ensure that after FLOGI the assigned source MAC address is only used for FCoE traffic.
• Ensure that after the FLOGI that FCoE frames are only addressed to the FCF.
• Ensure that ACL entries do not interfere with other switch ACLs.
• Ensure that the ACL entries do not restrict non-FCoE traffic (traffic that does not match the FCoE
Ethertype and does not use an FCoE source MAC address).
ENode-only Port
The following diagram shows an example of where an FCoE ENode-only port (port that carries ingress
traffic from the ENode) is placed in the FCoE network topology:
• Verify that all FCoE frames are only sourced by ENodes (if FPMA is in use).
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-8
Configuring FIP Snooping FIP Snooping Overview
FCF-only Port
The following diagram shows an example of where an FCoE FCF-only port (port that carries ingress
traffic from the FCF) is placed in the FCoE network topology:
• Verify that all FCoE frames are destined to an ENode (FPMA only).
Mixed Port
The following diagram shows an example of where an FCoE mixed port (port that carries FCF-to-ENode
traffic and ENode-to-FCF traffic) is placed in the FCoE network topology:
Mixed Port
VF_Port VF_Port
FCoE Forwarder (FCF) FCoE Forwarder (FCF)
• Verify that all FCoE frames are sourced from an FCF and are sent to an ENode or FCF, or verify that
all FCoE frames are sourced from an ENode and are sent to an FCF (FPMA only).
• Verify that all FCoE frames are sourced from or sent to an FCF.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-9
Configuring FIP Snooping FIP Snooping Overview
Trusted Port
The following diagram shows an example of where an FCoE trusted port is placed in the FCoE network
topology:
Trusted Port
No ACLs are applied when the port is configured as an FCoE trusted port.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-10
Configuring FIP Snooping Interaction with Other Features
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-11
Configuring FIP Snooping Interaction with Other Features
Loop Avoidance
Configuring MSTP or ERP for loop avoidance is recommended. When using MSTP assign each FCoE
VLAN its own MST ID. This will improve performance in a topology where each VSAN assigned to a
VLAN uses different FCFs.
• Enabling UNP on an FCoE port that is tagged with non-FCoE VLANs is not allowed. Enabling UNP
on an FCoE port is allowed only on FCoE ports that are tagged with FCoE VLANs.
• Changes to a UNP port triggers a MAC flush of all MAC addresses learned on that port, including FIP
and FCoE MAC addresses if the UNP port is also an FCoE port.
• When UNP is enabled or disabled on an FCoE port, all MAC addresses are flushed, including FIP and
FCoE MAC addresses.
For more information about UNP, see Chapter 29, “Configuring Access Guardian.”
QoS
The QoS application is responsible for the dynamic configuration of the ACLs that FIP snooping uses to
secure the traffic flowing through an OmniSwitch FCoE transit switch. As a result FIP snooping ACLs
and other QoS functions share the same system resources. This means that the number of FIP snooping
sessions allowed is subject to the availability of the shared resources.
The following limitations apply when FCoE is configured on a switch port:
• FCoE port configuration overrides global QoS settings.
• If there are no QoS system resources available for FIP snooping, an error is given indicating that
resources were not allocated.
• To achieve priority protection of the FCoE traffic, if any of the non-FCoE traffic with the FCoE
priority is received on the FCoE port, the traffic is remarked to a priority lower than that of the default
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-12
Configuring FIP Snooping Interaction with Other Features
FCoE priority and the configured FCoE priority. Other lossless traffic will have its own priority and
should not clash with the FCoE priority.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-13
Configuring FIP Snooping Configuring FIP Snooping
In addition, make sure that the DCBx protocol is enabled on each participating port. DCBx is enabled
by default on all switch ports, but the following command is used to enable DCBx, if necessary:
-> qos qsi port 8/1 dcb dcbx admin-state enable
-> qos qsi linkagg 10 dcb dcbx admin-state enable
c. Make sure that the traffic requiring lossless transmission is marked with the same CoS priority value
to which the DCB profile will apply lossless priority flow control. The switch will only pause frames
sent with the same priority value as the lossless priority value specified in the DCB profile.
d. Make sure that all participating FCoE ports are configured as QoS trusted ports with the default classi-
fication set to 802.1p. For example:
-> qos port 8/1 trusted default classification 802.1p
-> qos linkagg 10 trusted default classification 802.1p
e. Configure 802.1ab LLDP on FCoE ports to send the application-priority TLV. This is done to provide
the peer device with the priority value set for FCoE traffic. For example:
-> lldp port 8/1 tlv application enable
-> lldp port 8/1 tlv application priority 3
2 Configure FCoE VLANs. Create the same FCoE VLAN on each participating OmniSwitch. For
example:
-> fcoe vlan 100
3 Configure FCoE ports. Configure each port that will carry FCoE/FIP traffic as an FCoE port, which
includes specifying the FCoE role (Edge, ENode-only, FCF-only, Mixed, Trusted) for the port. For
example, port 8/1 connects to an ENode and link aggregate 10 will forward ingress traffic from the FCF.
-> fcoe port 8/1 role edge
-> fcoe linkagg 10 role fcf-only
4 Assign FCoE ports to FCoE VLANs. Tag each FCoE port with the same FCoE VLAN on each
participating OmniSwitch. For example:
-> vlan 100 members port 8/1 tagged
-> vlan 100 members linkagg 10 tagged
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-14
Configuring FIP Snooping Configuring FIP Snooping
5 Enable FIP snooping. Administratively enable FIP snooping on each participating OmniSwitch. For
example:
-> fcoe fip-snooping admin-state enable
Additional FIP snooping global, VLAN, and port parameters are configurable to fine tune FIP snooping
on the OmniSwitch. These parameters have default values that apply when FIP snooping is enabled for the
switch. For more information about configuring FIP snooping parameters, see the following sections:
• “Configuration Guidelines” on page 5-15.
For more information about DCB profiles, see Chapter 2, “Configuring Data Center Bridging,” of the
OmniSwitch AOS Release 8 Data Center Switching Guide.
For more information about CoS 802.1p priority bit classification and marking, see “How Traffic is
Classified and Marked” on page 27-5 in Chapter 27, “Configuring QoS,” of the OmniSwitch AOS Release
8 Network Configuration Guide.
Configuration Guidelines
Review the guidelines in this section before attempting to configure an OmniSwitch FIP snooping transit
switch path between ENodes and FCFs.
FCoE VLANs
• Manual configuration of the FCoE VLAN is required along the transit switch path and on the FCF.
However, the ENode may invoke FIP VLAN discovery to discover the FCoE VLANs within the transit
path. If not, manual configuration of the FCoE VLANs may be required on the appropriate ENodes.
• The ENode, transit switches, and the FCF must all use the same addressing mode (FPMA or SPMA) to
establish virtual links between the ENode and FCF. On the OmniSwitch, the addressing mode is a
configurable parameter for the FCoE VLAN. Make sure each OmniSwitch FCoE VLAN in the transit
switch path is configured with the same dress mode used by the ENode and FCF.
• Configuring an FCoE VLAN as a default VLAN for a port or link aggregate is not allowed. In
addition, configuring default VLAN 1 as an FCoE VLAN is not allowed.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-15
Configuring FIP Snooping Configuring FIP Snooping
FCoE Ports
• FCoE is only supported on 10G or faster ports that are associated with an FCoE lossless DCB profile.
In addition, DCBX must be enabled on the port with both PFC and ETS in an active state (either forced
or negotiated via DCBX). The DCB configuration is done separately using QoS port and profile
commands.
• FCoE ports must be manually assigned to a default VLAN and then tagged with the FCoE VLAN that
will forward the FCoE and FIP frames on that port.
• The default VLAN for the FCoE ports will carry FIP VLAN discovery requests through FCoE
network. As a result, it is necessary to configure the same default VLAN for FCoE ports on each
switch. All other FIP traffic and FCoE frames are carried on the FCoE VLAN.
The following features are not supported on FCoE ports:
• Learned Port Security (LPS)
FCoE Priority
Make sure to use the same FCoE priority value when configuring the following:
• The FCoE priority value used to classify FCoE traffic (QoS class of service markings).
• The lossless priority value defined in the DCB profile applied to participating FCoE ports.
• The FCoE priority value defined in the LLDP Application Priority TLV that is advertised on FCoE
edge ports connected to ENodes.
• The FCoE priority that is protected when FCoE priority protection is enabled for the switch. Priority
protection is disabled by default.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-16
Configuring FIP Snooping Configuring FIP Snooping
There are 11 predefined DCB profiles (DCP 1–11) available, and some of these profiles provide lossless
traffic classes for one or more priorities. However, these profiles may not provide lossless traffic classes
for the designated FCoE traffic priority or may provide lossless traffic classes for all priorities (DCP 7, 9,
and 11). In this case, creating and applying a custom DCB profile, as follows, is recommended:
1 Create the new custom profile based on DCP 9 or 11. For example:
2 Configure all traffic classes in DCP 12 to lossy, except for the priority designated for lossless FCoE
traffic. In this example, priority 3 is the FCoE priority so its traffic class is not changed to lossy:
-> qos qsp dcb dcp-12 tc 0 pfc flow-type nLL
-> qos qsp dcb dcp-12 tc 1 pfc flow-type nLL
-> qos qsp dcb dcp-12 tc 2 pfc flow-type nLL
-> qos qsp dcb dcp-12 tc 4 pfc flow-type nLL
-> qos qsp dcb dcp-12 tc 5 pfc flow-type nLL
-> qos qsp dcb dcp-12 tc 6 pfc flow-type nLL
-> qos qsp dcb dcp-12 tc 7 pfc flow-type nLL
3 Apply custom profile DCP 12 to all participating FCoE ports. For example:
Note. If FCoE priority protection is enabled for the switch, make sure the DCB profile used on participating
FCoE ports ensures lossless traffic classes for the protected priority values (see “Enabling/Disabling FCoE
Priority Protection” on page 5-18).
For more information about DCB profiles, including predefined profile definitions, see Chapter 2,
“Configuring Data Center Bridging,” of the OmniSwitch AOS Release 8 Data Center Switching Guide.
Make sure the FCoE priority value advertised with the Application Priority TLV is the same priority value
that is designated for FCoE traffic in the network configuration.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-17
Configuring FIP Snooping Configuring FIP Snooping
When FIP snooping is enabled, FCoE traffic is dropped on all switch VLANs and ports that are not
configured as FCoE VLANs and ports.
To disable FIP snooping, enter the fcoe fip-snooping command with disable option:
-> fcoe fip-snooping admin-state disable
By default, the addressing mode is set to FPMA. To change the FIP addressing mode, use the fcoe
address-mode command. For example:
-> fcoe fip-snooping disable
-> fcoe address-mode spma
-> fcoe fip-snooping enable
Note. By default, FCoE priority protection is disabled on the switch. When enabled, any non-FCoE traffic
received on any switch port (not just FCoE ports) that matches the protected FCoE priority value is either
dropped or remarked, based on the priority protection action configured for the switch.
The default priority value that is protected is set to 3, which is a common 802.1p value assigned to FCoE
traffic. However, this value is not protected until priority protection is enabled for the switch using the
fcoe priority-protection command. For example:
-> fcoe priority-protection enable
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-18
Configuring FIP Snooping Configuring FIP Snooping
In addition, it is also possible to configure two priority values for FCoE traffic. For example, the following
command specifies priority 2 and 7:
-> fcoe priority 2 7
Each time a priority value is configured, the existing priority value is overwritten.
If two priority values are configured but there is a need to change only one of the values, both priority
values must be specified with the fcoe priority command. For example, if the current priority is set to 2
and 5, to change priority 2 to 3, specify both 3 and 5 as the priority values.
-> fcoe priority 3 5
Make sure that the FCoE protected priority value is the same priority value that is designated for FCoE
traffic in the network configuration.
To disable trap generation in this case, set the threshold value to zero. For example:
-> fcoe filtering-resource trap-threshold 0
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-19
Configuring FIP Snooping Configuring FIP Snooping
By default, the amount of time the switch will wait for keepalive messages is set to 300 seconds. To
change this amount of time, use the fcoe house-keeping-time-period command. For example:
-> fcoe house-keeping-time-period 120
To disable the house keeping timer, set the timer value to zero. For example:
-> fcoe house-keeping-time-period 0
When creating an FCoE VLAN, specify a VLAN ID that does not exist in the switch configuration, or
specify the ID of a dynamically created MVRP VLAN.
By default, an FCoE VLAN is administratively enabled when the VLAN is created. To disable the FCoE
VLAN, use the fcoe vlan command with the disable option:
-> fcoe vlan 500 disable
To enable a disabled FCoE VLAN, use the fcoe vlan command with the enable option:
-> fcoe vlan 500 enable
When an FCoE VLAN is created, it is possible to assign an ASCII text name to the VLAN using the fcoe
vlan command with the name option:
-> fcoe vlan 500 name fcoe-vlan1
If a name is not assigned to an FCoE VLAN when the VLAN is created, the VLAN ID is used by default.
For example, when FCoE VLAN 500 is created without a name, then “VLAN-500” is used for the name.
To remove a statically configured FCF MAC address from an FCoE VLAN, use the no form of the fcoe
fcf mac command. For example:
-> no fcoe fcf 30:10:94:01:00:00 vlan 100
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-20
Configuring FIP Snooping Configuring FIP Snooping
To remove a statically configured FC-MAP address from an FCoE VLAN, use the no form of the fcoe fc-
map command. For example:
-> no fcoe fc-map 0E:FC:04 vlan 30
In these examples, port 1/8/1 is configured as an FCoE edge port because the port will connect the switch
to an FCoE-capable server (CNA with FCoE capability). Link aggregate 10 is configured as an FCoE FCF
only port because the aggregate will process ingress traffic from an FCF that is destined for an ENode.
To change the role of an FCoE port, first remove the FCoE configuration from the port, then configure
FCoE and the new role again for that same port. For example:
-> no fcoe port 1/8/1 role edge
-> fcoe port 1/8/1 role enode-only
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-21
Configuring FIP Snooping Configuration Example
Configuration Example
FIP snooping provides a mechanism for securing FCoE traffic to facilitate lossless storage convergence.
The OmniSwitch supports FIP snooping through the use of dynamic ACLs that ensure that traffic only
flows between valid ENodes and FCFs.
The FIP snooping capability along with the support of DCB protocols (PFC, ETS, and DCBx) allow the
OmniSwitch to participate in a multi-hop FCoE network as an FCoE transit switch. When FIP snooping is
enabled, the switch will inspect FIP frames received on FCoE ports that are assigned to FCoE VLANs.
OmniSwitch QoS will then dynamically create the necessary ACLs based on the information in the
inspected frames.
The following diagram shows a sample FCoE topology in which FIP snooping OmniSwitches are
operating as FCoE transit switches to secure and forward FCoE traffic between FCoE endpoints (ENodes
and FCF switch). To the ENodes and FCF, the underlying Ethernet links through the transit switch path
appear as a direct point-to-point connection that is expected in a native FC network.
Edge Port
ENode-only Port FCF-only Port
VN_Port 1/5/16
Linkagg 104
FCoE Server 1/10
VF_Port
(ENode) 2/2/10
OmniSwitch FCoE FCoE Forwarder (FCF)
TransitSwitch_3
VN_Port
OmniSwitch FCoE
TransitSwitch_VC
FCF-only Port
FCoE Server
(ENode) Edge Port
The following switch configuration information provides an example of how the transit OmniSwitches are
configured in the sample FCoE topology.
• ENodes are connected to ports 1/5/16 and 2/2/10 on TransitSwitch_VC; both ports are configured as
FCoE edge ports because they directly connect to a server ENode (FCoE-capable CNA). For example:
TransitSwitch_VC-> fcoe port 1/5/16 role edge
TransitSwitch_VC-> fcoe port 2/2/10 role edge
• The FCF is connected to port 1/10 on TransitSwitch_3; port 1/10 is configured as an FCF-only port.
For example:
TransitSwitch_3-> fcoe port 1/10 role fcf-only
• Linkagg 104 ports are spread across switch modules on both the master and slave chassis of
TransitSwitch_VC; linkagg 104 is configured as an FCF-only port on TransitSwitch_VC and as an
ENode-only port on TransitSwitch_3. For example:
TransitSwitch_VC-> fcoe linkagg 104 role fcf-only
TransitSwitch_3-> fcoe linkagg 104 role enode-only
• FCoE VLAN 46 is configured across the transit switch path (manually on each OmniSwitch and, if
necessary, manually on the ENodes and FCF). For example:
TransitSwitch_VC-> fcoe vlan 46
TransitSwitch_3-> fcoe vlan 46
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-22
Configuring FIP Snooping Configuration Example
• All FCoE ports and the link aggregate ID are assigned (untagged) to default VLAN 200. The default
VLAN carries the ENode VLAN discovery messages; all other FCoE traffic is forwarded on FCoE
VLAN 46. For example:
TransitSwitch_VC-> vlan 200
TransitSwitch_VC-> vlan 200 members port 1/5/16 untagged
TransitSwitch_VC-> vlan 200 members port 2/1/10 untagged
TransitSwitch_VC-> vlan 200 members linkagg 104 untagged
• All FCoE ports and the link aggregate ID are tagged with FCoE VLAN 46. For example:
• All FCoE ports are QoS trusted with the default classification set to 802.1p. For example:
• Pre-defined DCB profile 9 (DCP-9) is assigned to all FCoE ports; DCP-9 configures lossless priority
flow control for all CoS priorities. For example:
TransitSwitch_VC-> qos qsi port 1/5/16 qsp dcb dcp-9
TransitSwitch_VC-> qos qsi port 2/1/10 qsp dcb dcp-9
TransitSwitch_VC-> qos qsi linkagg 104 qsp dcb dcp-9
• The FIP snooping functionality is globally enabled for all FCoE transit OmniSwitches. When FIP
snooping is enabled, FCoE traffic is dropped on all switch VLANs and ports that are not configured as
FCoE VLANs and ports. For example:
TransitSwitch_VC-> fcoe fip-snooping admin-state enable
TransitSwitch_3-> fcoe fip-snooping admin-state enable
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-23
Configuring FIP Snooping Verifying the FIP Snooping Configuration
show fcoe Displays the global FCoE FIP snooping status and configuration for
the switch.
show fcoe ports Displays the FCoE port configuration, including port roles, for the
switch. The port role determines the FIP snooping ACL
configuration for the port.
show fcoe sessions Displays the FIP sessions associated with the local switch.
show fcoe enode Displays ENode information for the FIP sessions associated with
the local switch.
show fcoe fcf Displays FCF information for the FIP sessions associated with the
local switch.
show fcoe fc-map Displays the Fibre Channel Mapped Address Prefix (FC-MAP)
configuration.
show fcoe statistics Displays ENode and FCF generated session statistics. Use the clear
fcoe statistics command to reset the statistics information.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 5-24
6 Configuring an
FCoE/FC Gateway
The OmniSwitch provides Fibre Channel over Ethernet (FCoE) convergence solutions that facilitate the
expansion of a Fibre Chanel (FC) storage area network (SAN) across an existing Ethernet infrastructure,
without having to purchase or manage additional, costly FC equipment. FCoE convergence features
supported include the following:
• FCoE transit switch—The OmniSwitch supports the FCoE technology used to tunnel FC frames
encapsulated within Ethernet MAC frames. To provide the necessary FCoE transit switch functionality,
the OmniSwitch supports FCoE Initialization Protocol (FIP) snooping and Data Center Bridging
(DCB) protocols for lossless Ethernet. A transit switch is basically a Layer 2 DCB switch that bridges
encapsulated FCoE traffic over the Ethernet fabric between FCoE end devices.
• FCoE/FC gateway switch—The OmniSwitch serves as an FCoE forwarder to connect FCoE nodes to
FC switches, connect FC nodes to an FCoE forwarder, and connect native FC fabrics across an FCoE
network. To provide the necessary FCoE/FC gateway functionality, the OmniSwitch supports the
following operational modes:
– N_Port proxy operation to aggregate FCoE Node (ENode) logins over a single OmniSwitch FC port
that is connected to an FC switch.
– F_Port proxy operation to connect FC nodes to an FCoE forwarder or another gateway switch
through an FCoE network or on the same gateway switch.
– E_Port proxy operation to provide a transparent point-to-point FC link between native E_Ports. This
allows inter-switch link (ISL) tunneling between FC fabrics over an FCoE network.
An OmniSwitch FCoE transit switch can connect to an OmniSwitch FCoE/FC gateway to access the
necessary gateway services needed to transport FCoE traffic to or from the FC SAN. An OmniSwitch
FCoE/FC gateway runs FIP snooping on the 10G Ethernet FCoE ports that connect to an FCoE network.
On the same switch, FC ports connect to native FC switches or nodes. Traffic is transmitted between the
FCoE network and the FC SAN through the gateway switch.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-1
Configuring an FCoE/FC Gateway In This Chapter
In This Chapter
This chapter describes the OmniSwitch FCoE/FC gateway functionality in general and how the
components of this functionality are applied to the switch. It provides information about configuring
FCoE/FC gateway components through the Command Line Interface (CLI). CLI commands are used in
the configuration examples; for more details about the syntax of commands, see the OmniSwitch AOS
Release 8 CLI Reference Guide.
The following topics and procedures are included in this chapter:
• “FCoE/FC Gateway Overview” on page 6-4.
The acronyms and abbreviations used in this chapter are defined here:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-2
Configuring an FCoE/FC Gateway In This Chapter
For more information about the OmniSwitch FIP snooping implementation, see Chapter 5, “Configuring
FIP Snooping.”
For more information about OmniSwitch support for lossless Ethernet, see Chapter 2, “Configuring Data
Center Bridging.”
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-3
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-4
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
• VSAN-to-FCoE VLAN mapping—an association between one OmniSwitch VSAN and one FCoE
VLAN.
– Native FC traffic received on FC ports associated with the mapped VSAN is converted to FCoE
traffic (encapsulated FC frames) and forwarded on the FCoE ports associated with the FCoE
VLAN.
– FCoE traffic received on FCoE ports associated with the mapped FCoE VLAN is converted to
native FC traffic.
Note. The OmniSwitch FCoE/FC gateway fabric is only used for N_Port proxy and F_Port proxy
operations. The E_Port proxy mode does not use the FCoE gateway fabric to establish an E2E tunnel path.
How it Works
Each VSAN-to-FCoE VLAN mapping and associated ports represents an independent fabric on the
OmniSwitch gateway. Devices only communicate with other devices connected through the same fabric
on the gateway switch. For example, the following diagram shows an OmniSwitch FCoE/FC gateway
switch with two separate fabrics: one fabric flows through VSAN 1 and the second fabric flows through
VSAN 2.
FC Switch-1 FC Switch-2
CNA Host
(ENode) VLAN 300
VLAN 200
VLAN 300
CNA Host
(ENode)
Fibre Channel Port Modes Mixed Mixed Port—ACLs applied to all FCoE traffic
FCF FCF Only Port—ACLs applied to FCF traffic
NP_Port Proxy N_Port
VE Virtual Expansion Port—ACLs applied to E2E traffic
F_Port Fabric Port
E_Port Fabric Expansion Port
N_Port Node Port
TE_Port Tunnel E_Port
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-5
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
In this example:
• VSAN 1 is associated with FC ports 2/1 and 2/2 and is mapped to FCoE VLAN 200, which is tagged
with FCoE ports 1/1 and 1/2.
• VSAN 2 is associated with FC ports 2/3 and 2/4 and is mapped to FCoE VLAN 300, which is tagged
with FCoE ports 1/2 and 1/3.
• VSAN 1 FC ports are connected to FC Switch 1; VSAN 2 FC ports are connected to FC Switch 2.
• The OS6900 gateway switch sends out two discovery advertisement messages: one message for VSAN
1 and one message for VSAN 2. Each active VSAN represents a separate FCoE forwarder.
• ENode requests with VLAN ID 200 are sent to FC Switch X and ENode requests with VLAN 300 are
sent to FC Switch Y.
• Communication between VSANs (fabrics) is not allowed. As a result, VLAN 200 traffic cannot reach
FC Switch Y and VLAN 300 traffic cannot reach FC Switch X.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-6
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
NP_Port F_Port
FCoE/FIP FC
FCoE/FIP FC
Can I get an FCID? My WWPN Can I get an FCID on NP_Port 2/1 for
is 30:01:11:11.11.11.11.11 WWPN 30:01:11:11:11:11:11:11 please?
Can I get an FCID? My WWPN Can I get an FCID on NP_Port 2/1 for
is 30:01:22:22:22:22:22:22. WWPN 30:01:22:22:22:22:22:22 please?
In this diagram,
1 The OS6900 port connecting to the FC switch is an FC port configured to operate as an NP_Port.
2 When the NP_Port comes up, the port attempts a fabric login through the F_Port on the FC switch.
3 Upon a successful login, the NP_Port is assigned a Fibre Channel ID (also called an N_Port ID).
4 The NP_Port can then request additional N_Port IDs for ENodes over the same physical port.
The N_Port proxy mode is activated on the switch when an FCoE VLAN is mapped to a VSAN, and at
least one FC interface assigned to the mapped VSAN is configured as a proxy node port (NP_Port).
The following diagram shows an example network topology in which an OmniSwitch FCoE/FC gateway
is operating as an N_Port proxy to allow ENodes to log into an FC SAN:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-7
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
FC Switch
FC Storage
F_Port F_Port
OS6900 FCoE/FC Gateway
NP_Port 2/1
VSAN 1 NP_Port 2/2 FC SAN
CNA Host
(ENode)
Fibre Channel Port Modes Mixed Mixed Port—ACLs applied to all FCoE traffic
FCF FCF Only Port—ACLs applied to FCF traffic
NP_Port Proxy N_Port
VE Virtual Expansion Port—ACLs applied to E2E traffic
F_Port Fabric Port
E_Port Fabric Expansion Port
N_Port Node Port
TE_Port Tunnel E_Port
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-8
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
• FCoE traffic received from ENode devices (CNA hosts) on FCoE ports 1/1 and 1/2 is converted to FC
traffic and sent out on FC port 2/1 or port 2/2 to the FC switch.
• FC traffic received from the FC switch on NP_Ports 2/1 and 2/2 is converted to FCoE traffic and sent
out on FCoE port 1/1 or 1/2.
See “Configuring an N_Port Proxy Operation” on page 6-22 for more information about configuring the
N_Port proxy mode on an OmniSwitch FCoE/FC gateway.
How it Works
When an OmniSwitch FC port is configured to operate as an NP_Port, the OmniSwitch gateway
automatically initiates a fabric login for the NP_Port. If the fabric login is successful, the FC switch
assigns a unique Fibre Channel ID (FCID) to the NP_Port. At this point, the N_Port proxy mode is active
on the NP_Port.
Once the N_Port proxy mode is active and there is a VSAN-to-FCoE VLAN mapping, the OmniSwitch
gateway can provide services to ENodes by participating in FCoE VLAN discovery and FCF discovery by
sending discovery advertisement messages.
• When an FCoE VLAN discovery message is received from an ENode, the OmniSwitch gateway will
respond back with the FCoE VLAN ID (for example, FCoE VLAN 200 as shown in the diagram on
page 6-8).
• When an FCF discovery solicitation message from an ENode is received, the OmniSwitch gateway
will respond back with a unicast discovery advertisement message.
The OmniSwitch FCoE/FC gateway forwards multicast discovery messages initiated by an ENode within
the designated FCoE VLAN. If this VLAN also provides access to FCFs or other NPIV gateways, the
ENode may receive replies from multiple FCFs or gateways, including the OmniSwitch. The FCF replies
contain a FIP priority, a verified maximum FCoE frame size and an availability bit (A-bit) setting. Based
on this information, the ENode selects one of the FCFs for FC fabric login (FLOGI).
• If the OmniSwitch gateway is not selected, then the switch will serve as an FCoE transit switch (FIP
snooping bridge) and forward the ENode traffic. No N_Port proxy functionality is provided for the
ENode.
• If the ENode does select the OmniSwitch gateway, the ENode sends a unicast FIP FLOGI request to
the OmniSwitch.
In the example shown on page 6-8, the OmniSwitch FCoE/FC gateway is the selected FCoE forwarder for
both ENodes. When the OmniSwitch receives a FIP FLOGI request with VLAN 200 from an ENode, the
OmniSwitch creates an FC fabric discovery (FDISC) message and transmits the message on one of the
NP_Ports in VSAN 1.
After the FDISC messages is sent, the OmniSwitch gateway may receive an FC Link Service Accept
(LS_ACC) or Link Service Reject (LS_RJT) reply from the FC switch connected to the NP_Port on which
the FDISC message was sent.
• If an FC LS_ACC message is received, the OmniSwitch gateway will generate a unique VN_Port
MAC address (combination of FC_MAP + FCID), convert the FC LS_ACC message into a FIP
LS_ACC message containing the VN_Port MAC address and then forward the LS_ACC to the ENode.
• If an FC LS_RJT message is received from the FC switch, the OmniSwitch gateway will simply
convert the message to a FIP LS_RJT message and then forward the message to the ENode.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-9
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
When the ENode successfully logs into the fabric, the OmniSwitch gateway will dynamically install ACLs
(FIP snooping) on the FCoE port where the FLOGI request from the ENode was received. In addition, the
OmniSwitch gateway will monitor the established login connections as follows:
• The OmniSwitch will send out periodic multicast discovery advertisements to the ALL-ENODE-MAC
to notify ENodes of its availability for new ENodes and its reachability for ENodes with sessions
already established through the gateway.
• The OmniSwitch listens for ENode and VN_Port keep-alive messages. If keep-alive messages are not
received, the switch will clear all the corresponding sessions.
• There are two types of logout events that will cause the switch to clear all corresponding sessions:
– An explicit logout event triggered by an ENode, FC switch, or OmniSwitch gateway.
– An implicit logout event triggered by a link down or missed keep-alive messages.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-10
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
Note. Use caution when configuring this method. A static assignment of an FCoE port to an NP_Port
overrides dynamic load balancing.
For more information about configuring the four load balancing methods, see “Configuring N_Port Proxy
Load Balancing” on page 6-23.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-11
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
FC Switch
F_Port F_Port
OS6900-Gateway A
NP_Port 2/1
VSAN 1 NP_Port 2/2
FC SAN
VLAN 200
Enode
1/1
FCoE Network
(Lossless Ethernet)
1/2
FCF
2/3 VLAN 200
FC HBA F_Port
(FC Node) VSAN 1
2/4 F_Port
OS6900-Gateway B
FC HBA
(FC Node)
Fibre Channel Port Modes Mixed Mixed Port—ACLs applied to all FCoE traffic
FCF FCF Only Port—ACLs applied to FCF traffic
NP_Port Proxy N_Port
VE Virtual Expansion Port—ACLs applied to E2E traffic
F_Port Fabric Port
E_Port Fabric Expansion Port
N_Port Node Port
TE_Port Tunnel E_Port
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-12
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
• On the Gateway B switch, FC ports 2/3 and 2/4 are configured to operate in the fabric port (F_Port)
mode and are also assigned to VSAN 1. These ports are connected to FC nodes. The Gateway B switch
will provide the connected FC nodes with access to FC devices across the FCoE network.
• On the Gateway A switch, NP_Ports 2/1 and 2/2 are assigned to VSAN 1. These ports will provide
N_Port proxy access to the FC switch.
• FCoE ports 1/1 and 1/2 are tagged with FCoE VLAN 200.
– Port 1/1 is configured as an FCoE ENode-only port, which means that dynamic ACLs are applied to
ENode traffic received on that port from the R-NPIV proxy switch.
– Port 1/2 is configured as an FCoE FCF-only port, which means that dynamic ACLs are applied to
traffic received directly from the NPIV proxy switch.
• FC traffic received from the FC nodes on F_Ports 2/3 and 2/4 is converted to FCoE traffic and sent out
FCoE port 1/2 to the Gateway A switch.
• FCoE traffic received from the Gateway B switch on FCoE port 1/1 is converted to FC traffic and sent
out on NP_Ports 2/1 or 2/2 to the FC switch.
See “Configuring an F_Port Proxy Operation” on page 6-24 for more information about configuring the
F_Port proxy mode on an OmniSwitch FCoE/FC gateway.
How it Works
This subsection describes how the OmniSwitch gateway provides F_Port proxy services that connect FC
node devices with FC switches across an FCoE network. The process described is based on the example
shown in “OmniSwitch F_Port Proxy (Reverse-NPIV) Example” on page 6-12.
• When the FC ports 2/3 and 2/4 are configured to operate as F_Ports and are up and running, the F_Port
proxy functionality is implicitly enabled on those ports. One of the main functions of the F_Port proxy
switch is to find FCoE forwarders and/or NPIV gateways on behalf of the FC nodes connected to the
F_Ports.
• The FCoE/FIP snooping functionality on the OmniSwitch gateway allows the switch to participate in
the FIP FCF discovery process to locate FCoE forwarders and NPIV gateway switches in the FCoE
network. In the example, the F_Port proxy switch listens on FCoE VLAN 200 for FIP FCF discovery
advertisements and finds the OS6900 N_Port proxy gateway.
• The F_Port proxy switch uses FCoE VLAN 200 for FIP FCF discovery because this VLAN is mapped
to VSAN 1 as part of the FCoE/FC gateway fabric. Therefore, the F_Port proxy switch did not have to
participate in the FIP VLAN discovery process to find VLAN 200 on which to transport FCoE traffic.
• If the F_Port proxy switch found more than one compatible FCF or gateway, the switch maintains a list
of these devices by continuing to monitor discovery advertisements. If the selected FCF or gateway
switch goes down, another device is selected from the list and all sessions are torn down and
instantiated again with the new FCF or gateway.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-13
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
• When the FC nodes connected to F_Ports 2/3 and 2/4 attempt to log in to the FC fabric by initiating FC
FLOGI requests, the F_Port proxy switch converts the requests to FIP FLOGI then forwards the FIP
FLOGI requests on FCoE VLAN 200 to the N_Port proxy switch.
• If an FC node sends FDISC messages from an NPIV HBA, these messages are converted in the same
manner as the FLOGI messages are converted for transport to and from the FC fabric.
• The N_Port proxy switch converts the FIP FLOGIs received to FC FLOGIs and relays the FC FLOGIs
on VSAN 1 to the FC switch. The FC switch then processes the log in request and responds with an FC
accept (LS_ACC) or reject (LS_RJT) message.
• When the N_Port proxy switch receives a response from the FC switch, the gateway converts the
response to a FIP response and forwards the response on FCoE VLAN 200 to the F_Port proxy switch.
The F_Port proxy switch then converts the response back to an FC frame and forwards the response on
VSAN 1 to the appropriate FC node.
• If the FC node login was accepted and a session established, the F_Port proxy switch maintains the
virtual connection by sending periodic keep-alive messages to the N_Port proxy switch on behalf of
the FC nodes. This is because an HBA on an FC node does not maintain keep-alive messages.
• If the F_Port proxy switch determines the N_Port proxy switch is no longer reachable, virtual
connections established with that switch are torn down. The FC nodes can then initiate login requests
again and the F_Port proxy will select another FCoE forwarder or NPIV gateway to establish new
virtual connections.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-14
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
OS6900-Gateway A
FC SAN
2/1 TE_Port VLAN 500
VE
FC Switch-1 1/1
E_Port
FC Storage
FCoE Network
(Lossless Ethernet)
FC Node
E_Port
1/2 FC Switch-2
VE
VLAN 500 TE_Port 2/2
FC SAN
OS6900-Gateway B
Fibre Channel Port Modes Mixed Mixed Port—ACLs applied to all FCoE traffic
FCF FCF Only Port—ACLs applied to FCF traffic
NP_Port Proxy N_Port
VE Virtual Expansion Port—ACLs applied to E2E traffic
F_Port Fabric Port
E_Port Fabric Expansion Port
N_Port Node Port
TE_Port Tunnel E_Port
• FCoE VLAN 500 is configured on both switches and identifies the tunnel path through the FCoE
network.
• OS6900 10G Ethernet ports 1/1 and 1/2 are configured as FCoE VE_Ports.
• OS6900 FC ports 2/1 and 2/2 are configured as tunnel expansion ports (TE_Ports) and connect to an
E_Port on an FC switch.
• The E2E tunnel path is defined by associating TE_Port 2/1 and VE_Port 1/1 with FCoE VLAN 500 on
Gateway A and associating TE_Port 2/2 and VE_Port 1/2 with FCoE VLAN 500 on Gateway B.
• Traffic from each FC SAN is tunneled to and from the OS6900 FC TE_Ports through the FCoE
VE_Ports. Each FC switch thinks it is directly connected to the other FC switch; the underlying tunnel
through the FCoE network is transparent.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-15
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
See “Configuring an E_Port Proxy Operation” on page 6-25 for more information about configuring the
E_Port proxy mode on an OmniSwitch FCoE/FC gateway.
How it Works
In an FC SAN, the FC switches provide connectivity for nodes accessing devices in the SAN. FC switches
are connected to each other through ports designated as expansion ports (E_Ports). This type of port
allows two FC switches to set up an inter-switch link (ISL) between each other.
In an FCoE network virtual expansion ports (VE_Ports) provide connectivity between FCoE forwarders or
gateways, similar to E_Port connectivity between native FC switches. This type of connectivity provides
the ability to extend E_Port connections across an FCoE network by tunneling E_Port traffic between
VE_Ports.
On the OmniSwitch, FCoE ports that will tunnel E_Port traffic through the FCoE network, are configured
as VE_Ports. An OmniSwitch FC port that will connect directly to an E_Port on an FC switch is
configured as a tunnel expansion port (TE_Port). These two port types and a common FCoE VLAN are
used to define the E2E tunnel endpoints.
As shown in the Figure 5 example page 6-15, two OmniSwitch FCoE/FC gateways are configured with a
single VE_Port and FCoE VLAN 500. In addition, both switches have an FC TE_Port connected directly
to an FC switch. On each OmniSwitch, an E2E tunnel endpoint is defined by the association of the
VE_Port and the TE_Port to the FCoE VLAN 500.
Defining the E2E tunnel endpoints does not establish a tunnel session. Once the required tunnel
components are configured and active, successful exchange of exchange link parameters (ELP) between a
TE_Port and a VE_Port will establish the tunnel session.
• VE_Ports participate in the FIP FCF discovery process. In the example, the VE_Ports discover the
other OS6900 gateway switch on FCoE VLAN 500.
• The OS6900 gateway will convert ELP received on the TE_Port to FIP ELP and relay the FIP ELP to
the selected FCF.
• The receiving VE_Port will validate the FIP ELP request, remove the Ethernet header, and send the FC
ELP request to the corresponding TE_Port.
• If the ELP exchange is successful, the tunnel session is instantiated on the VE_Ports.
Once the tunnel session is established, the VE_Ports will maintain the link by sending periodic FIP
discovery messages. At this point, all ISL data traffic is allowed to pass through the tunnel.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-16
Configuring an FCoE/FC Gateway FCoE/FC Gateway Overview
FLOGO LS_ACC
FLOGO LS_RJCT
VLAN Discovery F-bit setting E_Port proxy if the F-bit is set to
one.
SW_ACC
SW_RJCT
Keep-alive Packet type N_Port proxy
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-17
Configuring an FCoE/FC Gateway Interaction with Other Features
FIP Snooping
The OmniSwitch FCoE/FC gateway functionality is a superset of the OmniSwitch FIP snooping
implementation. FIP snooping ensures the security of the FCoE traffic entering the gateway switch. The
gateway switch converts FCoE encapsulated frames to FC frames for forwarding onto an FC SAN; the
gateway also converts FC frames to FCoE frames for forwarding onto an FCoE network.
Configuring the following FIP snooping components is required to support and define the FCoE/FC
gateway fabric on the OmniSwitch:
• FCoE VLAN—A type of VLAN that is dedicated to carrying only FCoE and FIP traffic. ENodes use
this type of VLAN to transmit and receive FCoE and FIP traffic and establish virtual links to an FC
SAN through the NPIV gateway.
Manual configuration of the FCoE VLAN is required along the FCoE network path and on the gate-
way switch. However, the ENode may invoke FIP VLAN discovery to discover the FCoE VLANs in
the network. If not, manual configuration of the FCoE VLANs may also be required on the appropri-
ate ENodes
If there is no FCoE/FC gateway functionality mapped to an FCoE VLAN, then only FIP snooping is
applied to traffic forwarded on the VLAN even if the VLAN is configured on an FCoE/FC gateway
switch.
• FCoE Port Roles—Determines the types of ACLs that are dynamically generated and applied to FCoE
traffic that ingresses on the FCoE port. For the FCoE/FC gateway E2E tunneling feature, the virtual
expansion port (VE_Port) role is used to allow exchange link parameters (ELP) to travel between FC
switches through an FCoE network. The mixed port role is used when the FCoE port will carry a
mixture of traffic (for example, E2E tunnel, ENode, FCF only traffic) all on the same port.
Having a good understanding of FCoE and FIP snooping is highly recommended when attempting to
configure FCoE/FC gateway features. For more information, see Chapter 5, “Configuring FIP Snooping.”
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-18
Configuring an FCoE/FC Gateway Interaction with Other Features
two directly connected peer switches. Enabled by default, DCBX is responsible for auto-negotiation
and auto-configuration of link parameters for DCB functions.
Note. A custom DCB profile for each of the FC ports is required to ensure an end-to-end lossless path
through the FCoE/FC gateway. See “Configuring FC Ports” on page 6-21 for more information.
For more information about DCB see Chapter 2, “Configuring Data Center Bridging,”
Hardware
This implementation of OmniSwitch FCoE/FC gateway functionality requires support for both 10G
Ethernet and Fibre Channel ports. The OmniSwitch 6900 provides both with the addition of the OS-XNI-
U12E module with the SFP-FC-SR transceiver.
The Fibre Channel ports are not available for use until they are configured to operate in a specific Fibre
Channel mode (NP_Port, F_Port, or TE_Port). Once configured, each port is assigned a 64-bit world wide
port name (WWPN) that is comprised of “10:00” plus the MAC address of the port. For example,
10:00:e8:e7:32:94:67:7d.
The World-wide Node Name (WWNN) for the OmniSwitch 6900 is comprised of “10:00” plus the next
available increment of the switch base MAC address. For example, if the switch MAC address is
e8:e7:32:6c:4a:39, then the WWNN for the switch is 10:00: e8:e7:32:6c:4a:3a.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-19
Configuring an FCoE/FC Gateway FCoE/FC Gateway Configuration Guidelines
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-20
Configuring an FCoE/FC Gateway Configuring FC Ports
• An OmniSwitch VSAN is a required component for an N_Port proxy and F_Port proxy configuration,
but a VSAN is not required to configure an E_Port proxy tunnel endpoint.
Configuring FC Ports
Configuring OS-XNI-U12E module ports with an SFP-FC-SR transceiver to ensure lossless gateway
connectivity with FC SAN devices requires the following configuration tasks:
1 Assigning a Data Center Bridging (DCB) profile to each FC port.
3 Configuring the Fibre Channel port mode to determine the FCoE/FC gateway operation provided on
the port.
Note that the operational mode is configured on a per-port basis. This allows the OmniSwitch to provide
multiple N_Port proxy, F_Port proxy, and E_Port proxy operations on the same switch.
1 Create the DCB profile using the qos qsp dcb import command with the 802.3x-pause option. For
example, the following command creates custom profile DCB 20, based on predefined profile 8:
-> qos qsp dcb 20 import qsp dcb 8 802.3x-pause
2 After creating the DCB profile, set the Priority Flow Control (PFC) willing bit to “no” on each FC port.
For example:
-> qos qsi port 2/6 dcb dcbx pfc willing no
-> qos qsi port 2/6 dcb dcbx pfc tlv disable
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-21
Configuring an FCoE/FC Gateway Configuring an N_Port Proxy Operation
The fibre-channel port mode command sets the port type to Fibre Channel and configures the FC
operational mode for the port. In the example, port 1/2/1 is configured as a Fibre Channel port that will
provide N_Port proxy operations for the gateway switch.
Note. If the required FIP snooping configuration is not enabled, FCoE is not active and the port will remain
down. For more information, see the “FCoE/FC Gateway Configuration Examples” on page 6-27 and
Chapter 5, “Configuring FIP Snooping.”
• At least one FC port that is assigned to the mapped VSAN is configured to operate as a proxy node
port (NP_Port).
• At least one FCoE port is tagged with the FCoE VLAN.
The fibre-channel port mode command is used to configure an FC port to operate in the N_Port proxy
mode. For example, the following command configures FC port 2/1 to operate as an NP_Port:
-> fibre-channel port 2/1 mode np
NP_Port 2/1 will connect to a native FC switch to provide N_Port login services for ENodes accessing the
OmniSwitch FCoE/FC gateway through an FCoE network. To identify which ENode traffic is serviced on
NP_Port 2/1, complete the following steps:
1 Create an OmniSwitch VSAN and map the VSAN to the FCoE VLAN on which ENode traffic is
forwarded. In the following example, the fibre-channel vsan command is used to create VSAN 10 and
the fcoe vsan-map command is used to map VSAN 10 to FCoE VLAN 500:
-> fibre-channel vsan 10
-> fcoe vsan-map vsan 10 vlan 500
2 Assign the NP_Port to the VSAN that is mapped to the FCoE VLAN using the fibre-channel vsan
members command. For example, the following command assigns NP_Port 2/1 to VSAN 10:
-> fibre-channel vsan 10 members 2/1
3 Configure the appropriate FCoE port role for the switch ports that will receive the FCoE traffic using
the fcoe role command. For example, the following command configures port 1/1 and 1/2 as FCoE mixed
ports:
-> fcoe port 1/1-2 role mixed
4 Tag the FCoE ports configured in Step 3 with FCoE VLAN 500. For example:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-22
Configuring an FCoE/FC Gateway Configuring an N_Port Proxy Operation
The load balancing method is applied globally to all switch NP_Ports. To change the load balancing
method applied back to dynamic, use the default parameter with the fibre-channel npiv-proxy load-
balance command. For example,
-> fibre-channel npiv-proxy load-balance default
• Use the show fibre-channel npiv-proxy load-balance command with the session-count option to
display the number of sessions on each FC port.
For more information, see “N_Port Proxy Load Balancing” on page 6-10.
In this example, FCoE port 1/1 is mapped to FC port 2/1, which is configured to operate as an NP_Port.
All ENode login requests received on port 1/1 are processed and directly forwarded to NP_Port 2/1.
To remove a static port mapping, use the no form of the fibre-channel npiv-proxy load-balance static
command. For example,
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-23
Configuring an FCoE/FC Gateway Configuring an F_Port Proxy Operation
Use the show fibre-channel npiv-proxy load-balance command with the static option to display the
static FCoE port mapping configuration for the switch.
For more information, see “Statically Assigning FCoE Ports to NP Ports” on page 6-23.
• At least one FC port that is assigned to the mapped VSAN is configured to operate as a fabric port
(F_Port).
• At least one FCoE port (configured as an FCF only, mixed, or trusted FCoE port) tagged with the
FCoE VLAN.
The fibre-channel port mode command is used to configure an FC port to operate in the F_Port proxy
mode. For example, the following command configures FC port 2/2 to operate as an F_Port proxy:
-> fibre-channel port 2/2 mode f
To identify which FC node traffic is serviced on F_Port 2/2, complete the following steps:
1 Create an OmniSwitch VSAN and map the VSAN to the FCoE VLAN on which converted FC node
traffic will be forwarded through the FCoE network. In the following example, the fibre-channel vsan
command is used to create VSAN 10 and the fcoe vsan-map command is used to map VSAN 10 to FCoE
VLAN 500:
-> fibre-channel vsan 10
-> fcoe vsan-map vsan 10 vlan 500
2 Assign the F_Port to the VSAN that is mapped to the FCoE VLAN using the fibre-channel vsan
members command. For example, the following command assigns F_Port 2/2 to VSAN 10:
-> fibre-channel vsan 10 members 2/2
3 Configure at least one port as an FCF only, mixed, or trusted FCoE port using the fcoe role command.
For example, the following command configures port 1/1 as an FCoE mixed port:
-> fcoe port 1/1 role mixed
4 Tag the FCoE ports that will forward the converted FC traffic to FCoE VLAN 500. Make sure that at
least one of the FCoE ports tagged is configured as an FCF only, mixed, or trusted FCoE port. In the
following example, the vlan members tagged command is used to tag FCoE ports 1/1 and 1/2 to FCoE
VLAN 500:
-> vlan 500 members port 1/1-2 tagged
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-24
Configuring an FCoE/FC Gateway Configuring an E_Port Proxy Operation
• Use the show fibre-channel vsan command and the show fibre-channel vsan members command to
display the VSAN configuration and the FC ports associated with the configured VSANs.
• Use the show fibre-channel port command to display the operational mode for each FC port.
• Use the show fcoe vsan-map command to determine which FCoE VLANs are mapped to which
OmniSwitch VSANs.
For more information about F_Port proxy functionality, see “Using the F_Port Proxy Mode” on page 6-11.
The FCoE port role is used by FIP snooping to define ACLs that are applied to the VE_Port to secure
tunnel traffic through the FCoE network.
After the FCoE port is configured as a VE_Port, the port is then tagged with the designated FCoE VLAN
for the tunnel. For example, the following vlan members tagged command tags FCoE port 1/1 with FCoE
VLAN 500.
-> vlan 500 members port 1/1 tagged
Once the VE_Port is tagged with the tunnel FCoE VLAN, the FC TE_Port is then assigned to the same
FCoE VLAN using the fcoe e-tunnel command. This command also assigns a tunnel ID for this endpoint.
For example, the following command assigns TE_Port 2/3 to FCoE VLAN 500 (the same VLAN to which
VE_Port 1/1 was assigned):
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-25
Configuring an FCoE/FC Gateway Configuring an E_Port Proxy Operation
The E2E tunnel endpoint is now configured. When the other endpoint is configured with a different tunnel
ID and all associated ports are up and running, the tunnel session is established between the two endpoints
via exchange link parameters (ELP). The ELP are transmitted through the FCoE network between the FC
switches connected to the OmniSwitch TE_Ports associated with the same tunnel ID.
In this example, the fc-port2 parameter is used instead of the vlan parameter. This defines the tunnel as an
internal TE_Port tunnel, instead of a VE_Port tunnel. A TE_Port tunnel does not traverse the FCoE
network, so there is no need to associate the TE_Port with an FCoE VLAN. Each TE_Port is the endpoint
for this type of tunnel.
To display the E2E tunnel configuration for the switch, use the show fcoe e-tunnel command.
For more information about the E2E tunneling feature, see “Using the E_Port Proxy Mode” on page 6-14.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-26
Configuring an FCoE/FC Gateway FCoE/FC Gateway Configuration Examples
• Inter-switch link trunking between E2E tunnel endpoints (FC switch to FC switch).
FCoE Network
(Lossless Ethernet)
1/1
Mixed
1/2 Edge VLAN 200 TE_Port
VSAN 1
F_Port
2/2
2/1 OS6900-Gateway B
CNA Host
E_Port
(ENode)
FC Switch-3
FC HBA
(FC Node)
Fibre Channel Port Modes Mixed Mixed Port—ACLs applied to all FCoE traffic
FCF FCF Only Port—ACLs applied to FCF traffic
NP_Port Proxy N_Port
VE Virtual Expansion Port—ACLs applied to E2E traffic
F_Port Fabric Port
E_Port Fabric Expansion Port
N_Port Node Port
TE_Port Tunnel E_Port
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-27
Configuring an FCoE/FC Gateway FCoE/FC Gateway Configuration Examples
To the ENodes, FC nodes, and FC switch in this sample topology, the underlying Ethernet links through
the FCoE network path appear as a direct point-to-point connection that is expected in a native FC SAN.
• The FIP snooping, E_Port proxy, and E_Port proxy operations are enabled on the OS6900-Gateway A.
• The FIP snooping, F_Port proxy, and E_Port proxy operations are enabled on the OS6900-Gateway B.
• Port 1/1 on Gateway A receives all traffic (FIP snooping, F_Port, E_Port) from Gateway B through
FCoE VLAN 200. As a result, FCoE port 1/1 is configured with the FCoE port role set to mixed so that
FIP snooping is applied to all traffic types.
• Port 1/1 on Gateway B also receives all traffic (FIP snooping, NP_Port, E_Port) from Gateway A
through FCoE VLAN 200. As a result, FCoE port 1/1 is configured with the FCoE port role set to
mixed so that FIP snooping is applied to all traffic types.
• FCoE VLAN 200 is configured through the FCoE network (manually on each OS6900 gateway switch
and, if necessary, manually on the ENodes).
The following configuration information provides an example of how the FCoE/FC gateway functionality
is configured for each OmniSwitch in the sample FCoE/FC gateway topology.
OS6900-Gateway A
FIP snooping is a required component for setting up an OmniSwitch FCoE/FC gateway. The following
sample commands configure FIP snooping and lossless Ethernet on OS6900-Gateway A:
-> fcoe vlan 200
-> fcoe port 1/1 role mixed
-> vlan 200 members port 1/1 tagged
-> qos port 1/1 trusted default classification 802.1p
-> qos qsp dcb FCOE-1 import qsp dcb 7 fcoe
-> qos qsi port 1/1 qsp dcb FCOE-1
-> lldp port 1/1 tlv application enable
-> lldp port 1/1 tlv application fcoe priority 3
-> fcoe fip-snooping admin-state enable
By default, VSAN 1 already exists in the switch configuration and all OmniSwitch FC ports are assigned
to VSAN 1. As a result, the only VSAN configuration required for this example is to map VSAN 1 to
FCoE VLAN 200. For informational purposes, the commands to create the VSAN and assign the
NP_Ports are included in the following sample commands used to configure N_Port proxy functionality
on OS6900-Gateway A:
-> fibre-channel vsan 1
-> fcoe vsan-map vsan 1 vlan 200
-> fibre-channel fc-port 2/2 mode np
-> fibre-channel fc-port 2/3 mode np
-> fibre-channel vsan 1 members 2/2-3
The following sample commands configure an E_Port proxy (E2E tunnel) endpoint on OS6900-Gateway
A. Note that a VSAN mapping to an FCoE VLAN is not required for E2E tunnel traffic. Instead, an FC
port configured to operate as a tunnel E_Port is directly associated with FCoE VLAN 200 to carry tunnel
traffic.
-> fibre-channel fc-port 2/1 mode te
-> fcoe e-tunnel 1
-> fcoe e-tunnel 1 fc-port1 2/1 vlan 200
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-28
Configuring an FCoE/FC Gateway FCoE/FC Gateway Configuration Examples
OS6900-Gateway B
The following sample commands configure FIP snooping and lossless Ethernet on the OS6900-Gateway B
switch:
-> fcoe vlan 200
-> fcoe port 1/1 role mixed
-> fcoe port 1/2 role edge
-> vlan 200 members port 1/1-2 tagged
-> qos port 1/1 trusted default classification 802.1p
-> qos qsp dcb FCOE-1 import qsp dcb 7 fcoe
-> qos qsi port 1/1-2 qsp dcb FCOE-1
-> lldp port 1/1-2 tlv application enable
-> lldp port 1/1-2 tlv application fcoe priority 3
-> fcoe fip-snooping admin-state enable
The following sample commands configure F_Port proxy functionality on the OS6900-Gateway B switch:
-> fibre-channel vsan 1
-> fcoe vsan-map vsan 1 vlan 200
-> fibre-channel fc-port 2/1 mode f
-> fibre-channel vsan 1 members port 2/1
The following sample commands configure an E_Port proxy (E2E tunnel) endpoint on the OS6900-
Gateway B switch. Note that the tunnel ID used in this sample is the same as the tunnel ID used on the
OS6900-Gateway A switch. This identifies both endpoints as members of the same tunnel.
-> fibre-channel fc-port 2/2 mode te
-> fcoe e-tunnel 1
-> fcoe e-tunnel 1 fc-port1 2/2 vlan 200
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-29
Configuring an FCoE/FC Gateway FCoE/FC Gateway Configuration Examples
F_Port FC Storage
N_Port Proxy
N_Port F_Port Proxy
NP_Port 2/2
F_Port VSAN 1
VM2 2/1 NP_Port
FC HBA
(FC Node) VLAN 200 FC Storage
Fibre Channel Port Modes Mixed Mixed Port—ACLs applied to all FCoE traffic
FCF FCF Only Port—ACLs applied to FCF traffic
NP_Port Proxy N_Port
VE Virtual Expansion Port—ACLs applied to E2E traffic
F_Port Fabric Port
E_Port Fabric Expansion Port
N_Port Node Port
TE_Port Tunnel E_Port
In this example, the OmniSwitch gateway emulates both an FC switch and an FCoE forwarder to allow the
FC NPIV server and associated VMs to connect and access the targeted FC storage in the FC SAN.
• The F_Port proxy operation is enabled on port 2/1, which connects directly to an FC HBA port on the
server. This allows the FC HBA to communicate over Ethernet (OmniSwitch gateway) with the FC
switch fabric.
• The N_Port proxy operation is enabled on port 2/2, which connects directly to an F_Port on the native
FC switch. This allows the OmniSwitch to also serve as an FCoE forwarder for the FC HBA sessions.
• Port 2/1 and port 2/2 are assigned to VSAN 1, which is mapped to FCoE VLAN 200.
• The OmniSwitch gateway presents an F_Port to an N_Port on the HBA and an NP_Port to the F_Port
on the FC switch.
• NPIV is enabled on the FC HBA port to allow the server to request a separate FCID (also called an
N_Port ID) for VM1 and VM2. This is similar to how the N_Port proxy operation uses NPIV to allow
the OmniSwitch to request multiple FCIDs on the same physical port.
• Once the physical FC HBA port logs into the FC switch fabric through the OmniSwitch gateway, the
server then requests additional logins for each of the VMs.
• In this scenario, the OmniSwitch gateway does not have to track FC-to-FC session reachability (does
not need keep-alive messages to track the sessions). However, the OmniSwitch does maintain session
information for the three login sessions (one for the HBA port and one for each VM).
• Note that there is no Ethernet FCoE port configuration needed in this example. The FCoE VLAN
handles the convergence of the FC traffic for ports associated with VSAN 1. So FC over Ethernet is
achieved on the same gateway switch to allow a native FC node to communicate with a native FC
switch fabric.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-30
Configuring an FCoE/FC Gateway FCoE/FC Gateway Configuration Examples
The following show fibre-channel sessions command output provides a sample of how the FC HBA
sessions might appear on the OmniSwitch gateway (the device represented in each session is highlighted
with the same color used to represent the device in the example diagram on page 6-30):
In this example,
• The WWPNs are those of the OmniSwitch FC ports (F_Port 2/1 and NP_Port 2/6) on which the
sessions were established.
• The “FCID” column displays a unique FCID for each device per each session type on each port. Since
there are two VMs on the FC node server, there are three sessions on each OmniSwitch port: one for
the physical FC HBA port and one for each VM.
• The “Login” column displays “FLOGI” or “FDISC”. The FLOGI session represents the initial fabric
login of the physical FC HBA port. Each FDISC session represents the fabric login for each VM.
When using NPIV, the NP_Port sends FDISC requests on behalf of devices accessing the fabric on the
NP_Port. The FLOGI request is for the initial fabric login of the physical NP_Port.
• Sessions are shown for the same three FCIDs on each port. This is because the port 2/1 sessions
represent the F_Port sessions directly from the FC HBA and the port 2/6 sessions represent the N_Port
proxy sessions requested by the OmniSwitch FCoE forwarder for the same FCIDs.
• To the FC HBA and the two VMs, the connection through the OmniSwitch gateway to the FC switch
fabric is transparent. Because the HBA is also using NPIV, each VM session is uniquely identified and,
therefore, separately tracked.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-31
Configuring an FCoE/FC Gateway Verifying the FCoE/FC Gateway Configuration
show fibre-channel vsan Displays the local OmniSwitch VSAN configuration. VSANs
identify the OmniSwitch FC ports as members of a specific FCoE/
FC gateway fabric.
show fibre-channel vsan Displays the FC ports associated with each VSAN.
members
show fibre-channel port Displays the OmniSwitch FC port configuration, including port
operating modes, for the switch. The port mode determines the
FCoE/FC gateway functionality enabled on the port.
show fcoe vsan-map Displays the VSAN mapping configuration for the switch. VSANs
are mapped to FCoE VLANs as part of the local gateway fabric.
show fibre-channel sessions Displays the N_Port proxy, F_Port proxy, and E_Port proxy
sessions associated with the local switch. Use the clear fibre-
channel sessions command to clear sessions on all FC ports.
show fibre-channel node Displays a list of FC nodes connected to OmniSwitch FC ports.
show fcoe e-tunnel Displays the E2E tunnel configuration for the switch.
show fibre-channel Displays the global FCoE/FC gateway parameter values for the
switch.
show fibre-channel statistics Displays FC port statistics. Use the clear fibre-channel statistics
command to reset the statistics information.
To display information about the FIP snooping configuration, use the show commands listed in the
following table:
show fcoe Displays the global FCoE FIP snooping status and configuration for
the switch.
show fcoe ports Displays the FCoE port configuration, including port roles, for the
switch. The port role determines the FIP snooping ACL
configuration for the port.
show fcoe sessions Displays the FIP sessions associated with the local switch.
show fcoe enode Displays ENode information for the FIP sessions associated with
the local switch.
show fcoe fcf Displays FCF information for the FIP sessions associated with the
local switch.
show fcoe fc-map Displays the Fibre Channel Mapped Address Prefix (FC-MAP)
configuration.
show fcoe discovery- Displays the FIP discovery advertisement message parameter
advertisement values.
show fcoe statistics Displays ENode and FCF generated session statistics. Use the clear
fcoe statistics command to reset the statistics information.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 6-32
7 Virtual Machine
Classification
Server virtualization in the data center is happening now. The OmniSwitch implementation of Virtual
Network Profiles (vNPs) helps to automate the discovery and movement of virtual machines (VMs).
A vNP is basically a Universal Network Profile (UNP) that will classify virtual machines in the same
manner as any other device connected to a UNP port. Once a virtual machine (or any other such device) is
assigned to a vNP, the virtual machine traffic is bound to a VLAN, a Shortest Path Bridging (SPB) service,
or a Virtual eXtensible Local Area Network (VXLAN) service as defined in the profile. In addition, any
QoS policies associated with the profile are also applied to the VM traffic.
In This Chapter
This chapter describes the functionality provided with the vNP feature and how this feature is used to
classify virtual machines into the OmniSwitch bridging or service domain. It provides information about
configuring vNP through the Command Line Interface (CLI). CLI commands are used in the configuration
examples; for more details about the syntax of commands, see the OmniSwitch AOS Release 8 CLI
Reference Guide.
The following topics and procedures are included in this chapter:
• “Server Virtualization Overview” on page 7-2.
For more information about UNP, see the “Configuring Access Guardian” chapter in the OmniSwitch AOS
Release 8 Network Configuration Guide.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-1
Virtual Machine Classification Server Virtualization Overview
Host Server
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-2
Virtual Machine Classification Classifying Virtual Machines
UNP Overview
This section provides an overview of UNP functionality, which is not restricted to supporting only data
center solutions. For more information about UNP, see the “Configuring Access Guardian” chapter in the
OmniSwitch AOS Release 8 Network Configuration Guide.
The UNP feature provides the ability to define and apply network access control to specific types of
devices by grouping such devices according to specific matching profile criteria. This allows network
administrators to create virtual network profiles (vNPs) and user network profiles from a unified
framework of operation and administration.
Basically, UNP functionality is used to define profile-based VLANs or SPB service access points (SAPs)
to which network devices are assigned. The profile can allow, deny, or require actions by users or
machines on the network. Because membership to a VLAN or service is based on UNP profile criteria,
devices assigned to the VLAN or service are not tied to a specific port or switch. This flexibility allows
device mobility within the network while maintaining network security.
Implementing UNP functionality to create virtual network profiles is particularly useful in an Alcatel-
Lucent Enterprise data center switching architecture. A vNP can define information such as access control
rights, a VLAN or SPB service assignment, along with expected quality of service (QoS) levels for data
center machines. This type of information can help virtual machines to securely bind to a VLAN bridged
domain or an SPB service domain.
Profile Types
The OmniSwitch supports two separate traffic domains: VLAN and service. Traffic is classified into each
domain based on the UNP profile type.
• VLAN profile. This type of profile creates a VLAN-port association (VPA) for device traffic that is
classified into the profile. The VPA represents an association between the UNP port on which the
device traffic was received and the VLAN ID specified by the profile. In other words, once classified
into a specific profile, device traffic is tagged to forward on the UNP VLAN.
• Service profile. The OmniSwitch supports Shortest Path Bridging (SPB) and Virtual eXtensible Local
Area Network (VXLAN) services. This type of profile creates an association between device traffic
that is classified into the profile and an SPB or VXLAN service access point (SAP).
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-3
Virtual Machine Classification Classifying Virtual Machines
Classification Rules
A vNP can also define specific classification rules that are used to assign virtual machines to a profile. The
following classification rules (shown in the order of precedence) are used to classify traffic received on
UNP bridge and access ports:
1 Port
2 Domain
3 MAC address
4 MAC OUI
7 Authentication Type
8 IP address
9 VLAN tag
In addition to classification rules, UNP provides the ability to trust the VLAN tag of incoming traffic. This
means that virtual machines can be provisioned into the VLAN tag pre-assigned by the virtualized server
hypervisor. Each UNP port can then be assigned a default UNP to classify untagged traffic when all
classification mechanisms either fail or are not available.
How it Works
Dynamic assignment of devices using UNPs is achieved through port-based functionality that provides the
ability to authenticate and classify device traffic. Authentication verifies the device identity and provides a
UNP name. In the event authentication is not available or is unsuccessful, classification rules associated
with the UNPs, as well as the UNP port configuration attributes, are applied to the traffic to determine the
UNP assignment.
There is no global switch setting to invoke UNP (vNP) functionality. Instead, switch ports are configured
as a UNP bridge port or a UNP access port and profiles are defined to determine the dynamic VLAN or
service assignment for devices connected through the UNP ports.
When UNP is enabled on a switch port or link aggregate, the following device classification process is
triggered when the port receives traffic:
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-4
Virtual Machine Classification Classifying Virtual Machines
MAC Authentication
(RADIUS Server}
Dynamic SAP
(Service Access Point)
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-5
Virtual Machine Classification Classifying Virtual Machines
Server D
Server E Server F
vNP-1 VM-1
vNP-2 VM-2
Server A Server B Server C
In this example,
• On each switch that is connected to a server, virtual network profiles vNP-1 and vNP-2 are configured
to classify and forward traffic for virtual machines VM-1 and VM-2.
• The virtual network profiles specify either a VLAN ID or service ID that will carry virtual machine
traffic through the data center mesh to other servers (either within the same mesh or through the cloud
to another mesh) and if any QoS policies are applied to virtual machine traffic.
• Each port connected to a server is enabled with UNP functionality.
• When the MAC address for VM-1 and for VM-2 is discovered on a UNP port, the switch applies the
profile configuration to each MAC address to classify each virtual machine into a VLAN or SPB
service. As a result,
– VM-1 is assigned to the vNP-1 profile. The profile attributes then determine the VLAN or service
assignment and if any QoS policies are applied to VM-1 traffic.
– VM-2 is assigned to the vNP-2 profile. The profile attributes then determine the VLAN or service
assignment and if any QoS policies are applied to VM-2 traffic.
• If VM-1 or VM-2 is moved to another server, as shown in this sample network, VM-1 will get assigned
to vNP-1 and VM-2 will get assigned to vNP-2, thus the network access control configuration for each
virtual machine is preserved whenever it moves to another server.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-6
Virtual Machine Classification Classifying Virtual Machines
OmniVista 2500 provides a single pane of management for VMs across the network, which includes VM
visibility and their point of association to the network. This gives network administrators a dashboard to
determine and track the following information:
• Virtual machine locations.
VMM is an embedded application within OmniVista that consists of the following components:
• vCenter integration: VM discovery, VM polling and event listener service will listen to preference
changes and event notifications.
• vNP configuration: Profiles of UNP configuration that specify the configuration associated with each
VM VLAN. The profiles can be assigned to switches, as and when needed.
• VLAN Notification: Displays a list of VM instances where the network is missing some configuration
to effectively handle VMs attached. This allows the administrator to be proactive in identifying and
correcting any necessary network configuration.
• OmniVista Locator: Provides the ability to search for specific VMs using various search criteria.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page 7-7
A Software License and
Copyright Statements
This appendix contains ALE USA, Inc. and third-party software vendor license and copyright statements.
By opening this package, you accept and agree to the terms of this license agreement. If you are not
willing to be bound by the terms of this license agreement, do not open this package. Please
promptly return the product and any materials in unopened form to the place where you obtained it
for a full refund.
1. License Grant. This is a license, not a sales agreement, between you (the “Licensee”) and ALE USA,
Inc. ALE USA, Inc. hereby grants to Licensee, and Licensee accepts, a non-exclusive license to use
program media and computer software contained therein (the “Licensed Files”) and the accompanying
user documentation (collectively the “Licensed Materials”), only as authorized in this License Agreement.
Licensee, subject to the terms of this License Agreement, may use one copy of the Licensed Files on the
Licensee’s system. Licensee agrees not to assign, sublicense, transfer, pledge, lease, rent, or share their
rights under this License Agreement. Licensee may retain the program media for backup purposes with
retention of the copyright and other proprietary notices. Except as authorized under this paragraph, no
copies of the Licensed Materials or any portions thereof may be made by Licensee and Licensee shall not
modify, decompile, disassemble, reverse engineer, or otherwise attempt to derive the Source Code.
Licensee is also advised that ALE USA, Inc. products contain embedded software known as firmware
which resides in silicon. Licensee may not copy the firmware or transfer the firmware to another medium.
2. ALE USA, Inc.’s Rights. Licensee acknowledges and agrees that the Licensed Materials are the sole
property of ALE USA, Inc. and its licensors (herein “its licensors”), protected by U.S. copyright law,
trademark law, and are licensed on a right to use basis. Licensee further acknowledges and agrees that all
rights, title, and interest in and to the Licensed Materials are and shall remain with ALE USA, Inc. and its
licensors and that no such right, license, or interest shall be asserted with respect to such copyrights and
trademarks. This License Agreement does not convey to Licensee an interest in or to the Licensed
Materials, but only a limited right to use revocable in accordance with the terms of this License
Agreement.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page A-1
Software License and Copyright Statements ALE USA, Inc. License Agreement
3. Confidentiality. ALE USA, Inc. considers the Licensed Files to contain valuable trade secrets of ALE
USA, Inc., the unauthorized disclosure of which could cause irreparable harm to ALE USA, Inc. Except as
expressly set forth herein, Licensee agrees to use reasonable efforts not to disclose the Licensed Files to
any third party and not to use the Licensed Files other than for the purpose authorized by this License
Agreement. This confidentiality obligation shall continue after any termination of this License Agreement.
4. Indemnity. Licensee agrees to indemnify, defend and hold ALE USA, Inc. harmless from any claim,
lawsuit, legal proceeding, settlement or judgment (including without limitation ALE USA, Inc.’s
reasonable United States and local attorneys’ and expert witnesses’ fees and costs) arising out of or in
connection with the unauthorized copying, marketing, performance or distribution of the Licensed Files.
5. Limited Warranty. ALE USA, Inc. warrants, for Licensee’s benefit alone, that the program media
shall, for a period of ninety (90) days from the date of commencement of this License Agreement (referred
to as the Warranty Period), be free from defects in material and workmanship. ALE USA, Inc. further
warrants, for Licensee benefit alone, that during the Warranty Period the Licensed Files shall operate
substantially in accordance with the functional specifications in the User Guide. If during the Warranty
Period, a defect in the Licensed Files appears, Licensee may return the Licensed Files to ALE USA, Inc.
for either replacement or, if so elected by ALE USA, Inc., refund of amounts paid by Licensee under this
License Agreement. EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE LICENSED
MATERIALS ARE LICENSED “AS IS” AND ALE USA, INC. AND ITS LICENSORS DISCLAIM
ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING
(WITHOUT LIMITATION) ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE EXCLUSION OF
IMPLIED WARRANTIES SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO LICENSEE. THIS
WARRANTY GIVES THE LICENSEE SPECIFIC LEGAL RIGHTS. LICENSEE MAY ALSO HAVE
OTHER RIGHTS WHICH VARY FROM STATE TO STATE.
6. Limitation of Liability. ALE USA, Inc.’s cumulative liability to Licensee or any other party for any
loss or damages resulting from any claims, demands, or actions arising out of or relating to this License
Agreement shall not exceed the license fee paid to ALE USA, Inc. for the Licensed Materials. IN NO
EVENT SHALL ALE USA, INC. BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
CONSEQUENTIAL, SPECIAL, OR EXEMPLARY DAMAGES OR LOST PROFITS, EVEN IF ALE
USA, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO
NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION TO INCIDENTAL
OR CONSEQUENTIAL DAMAGES MAY NOT APPLY TO LICENSEE.
7. Export Control. This product is subject to the jurisdiction of the United States. Licensee may not
export or reexport the Licensed Files, without complying with all United States export laws and
regulations, including but not limited to (i) obtaining prior authorization from the U.S. Department of
Commerce if a validated export license is required, and (ii) obtaining “written assurances” from licensees,
if required.
8. Support and Maintenance. Except as may be provided in a separate agreement between ALE USA,
Inc. and Licensee, if any, ALE USA, Inc. is under no obligation to maintain or support the copies of the
Licensed Files made and distributed hereunder and ALE USA, Inc. has no obligation to furnish Licensee
with any further assistance, documentation or information of any nature or kind.
9. Term. This License Agreement is effective upon Licensee opening this package and shall continue until
terminated. Licensee may terminate this License Agreement at any time by returning the Licensed
Materials and all copies thereof and extracts therefrom to ALE USA, Inc. and certifying to ALE USA, Inc.
in writing that all Licensed Materials and all copies thereof and extracts therefrom have been returned or
erased by the memory of Licensee’s computer or made non-readable. ALE USA, Inc. may terminate this
License Agreement upon the breach by Licensee of any term hereof. Upon such termination by
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page A-2
Software License and Copyright Statements ALE USA, Inc. License Agreement
ALE USA, Inc., Licensee agrees to return to ALE USA, Inc. or destroy the Licensed Materials and all
copies and portions thereof.
10. Governing Law. This License Agreement shall be construed and governed in accordance with the
laws of the State of California.
11. Severability. Should any term of this License Agreement be declared void or unenforceable by any
court of competent jurisdiction, such declaration shall have no effect on the remaining terms herein.
12. No Waiver. The failure of either party to enforce any rights granted hereunder or to take action against
the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to
subsequent enforcement of rights or subsequent actions in the event of future breaches.
13. Notes to United States Government Users. Software and documentation are provided with restricted
rights. Use, duplication or disclosure by the government is subject to (i) restrictions set forth in GSA ADP
Schedule Contract with ALE USA, Inc.’s reseller(s), or (ii) restrictions set forth in subparagraph (c) (1)
and (2) of 48 CFR 52.227-19, as applicable.
14.Third Party Materials. Licensee is notified that the Licensed Files contain third party software and
materials licensed to ALE USA, Inc. by certain third party licensors. Some third party licensors are third
part beneficiaries to this License Agreement with full rights of enforcement. Please refer to the section
entitled “Third Party Licenses and Notices” on page -4 for the third party license and notice terms.
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page A-3
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 page A-4
Index qos qsi qsp dcb dcbx admin-state command 2-23
qos qsi qsp dcb dcbx ets command 2-23
qos qsi qsp dcb dcbx pfc command 2-23
qos qsp dcb import command 2-21
qos qsp dcb tc command 2-21
S
service access command 3-21
D service access l2profile command 3-23
Data Center Bridging 2-1, 5-11, 6-18 service access vlan-xlation command 3-18, 3-21
Interaction with Other Features 2-12, 5-11, 6-18 service admin-state command 3-18
Profiles 2-14 service bind-sdp command 3-29
Data Center Bridging Exchange 2-1, 2-10 service l2profile command 3-22
DCB see Data Center Bridging service sap admin-state command 3-25
DCBx see Data Center Bridging Exchange service sap command 3-23
service sap trusted command 3-25
E service sdp command 3-27
service vlan-xlation command 3-18
Enhanced Transmission Selection 2-1, 2-6
service vxlan command 3-17
ETS see Enhanced Transmission Selection
service vxlan udp-port command 3-30
show fibre-channel sessions command 6-31
F show qos qsi dcbx command 2-23
fcoe address-mode command 5-18 show qos qsp dcb command 2-21
fcoe e-tunnel command 6-25, 6-26 show service access command 3-23
fcoe fcf mac command 5-20 show service bind-sdp command 3-29
fcoe fc-map command 5-21 show service command 3-19
fcoe filtering-resource trap-threshold command 5-19 show service ports command 3-26
fcoe fip-snooping command 5-18 show service sdp vxlan command 3-27
fcoe house-keeping-time-period command 5-20
FCoE Initialization Protocol 3-11, 5-1
U
fcoe priority command 5-19
Universal Network Profile
fcoe priority-protection action command 5-19
Profile Types 7-3
fcoe priority-protection command 5-18
fcoe role command 5-21, 6-22, 6-24, 6-25
FCoE see Fibre Channel over Ethernet V
fcoe vlan command 5-20 Virtual Machines
fcoe vsan-map command 6-22, 6-24 Classifying 7-3
FCoE/FC Gateway 1-4, 6-1 Tracking 7-7
E_Port proxy 1-4, 6-1 vm-snooping admin-state command 4-13
F_Port proxy 1-4, 6-1 vm-snooping aging-timer command 4-16
N_Port proxy 1-4, 6-1 vm-snooping filtering-resource trap threshold command 4-16
Fibre Channel over Ethernet 5-1 vm-snooping logging-threshold command 4-17
fibre-channel npiv-proxy load-balance command 6-23 vm-snooping policy-mode command 4-14
fibre-channel npiv-proxy load-balance static command 6-23 vm-snooping port command 4-17
fibre-channel port mode command 6-22, 6-24, 6-25 vm-snooping sampling-rate command 4-16
fibre-channel vsan command 6-22, 6-24 vm-snooping static-policy-rule command 4-15
fibre-channel vsan members command 6-22, 6-24 vm-snooping trap command 4-15
FIP snooping 5-1 vm-snooping vxlan udp-port command 4-16
FIPsee FCoE Initialization Protocol VXLAN Gateway
benefits 3-1
P VXLAN Snooping
benefits 4-1
PFC see Priority-based Flow Control
VM snooping 4-1
policy condition vxlan command 4-13
Priority-based Flow Control 2-1, 2-4
Q
qos qsi qsp dcb command 2-21
OmniSwitch AOS Release 8 Data Center Switching Guide July 2020 Index-1