efa tenant epg create
Creates a Layer 3 endpoint group.
Syntax
Parameters
- --name epg-name
- Specifies the name of the endpoint group.
- --tenant tenant-name
- Specifies the name of the associated tenant.
- --description desc
- Describes the endpoint group.
- --port ip-ethport
- Specifies the device IP address and Ethernet port details. Example: SW1_IP[0/1], SW2_IP[0/5,0/6], SW3_IP[0/7-10]
- --po po-name
- Lists port channels. Example: po1, po2
- --switchport-mode { access | trunk | trunk-no-default-native }
- Configures switch port mode
on the interfaces. The default is
trunk
. - --type { l3-hand-off | extension | port-profile }
- Configures the BGP service type. Valid
values are l3-hand-off, port-profile, or extension. The default is
extension
. - --switchport-native-vlan-tagging
- Enables the native VLAN
characteristics on the ports of this endpoint group. Valid only if the
switchport-mode
parameter is set totrunk
. - --switchport-native-vlan value
- Configures native VLAN on the
interfaces. Valid values are 2 through 4090, corresponding to the value of
the
ctag-range
parameter. - --ctag-range range
- Specifies the customer VLAN range in comma and hyphen separated format. Example: 2-20,30,40,50-55.
- --ctag-description desc
- Specifies a unique
description of the ctag in the following format:
ctag:l2-vni
. - --vrf vrf-name
- Specifies the VRF to which these networks are attached.
- --l3-vni vni
- Specifies the Layer 3 VNI to be used for this VRF.
- --l2-vni vni
- Specifies the Layer 2 VNI to
be used for this network in the following format:
ctag:l2-vni
. - --anycast-ip ipv4
- Specifies the IPv4 anycast
address in the following format:
ctag:anycast-ip
. - --anycast-ipv6 ipv6
- Specifies the IPv6 anycast
address in the following format:
ctag:anycast-ipv6
. - --local-ip ipv4
- Specifies the IPv4 local
address in the following format:
ctag,device-ip:local-ip
. - --local-ipv6 ipv6
- Specifies the IPv6 local
address in the following format:
ctag,device-ip:local-ipv6
. - --bridge-domain bd-name
- Specifies the bridge domain
name in the following format:
ctag:bridge-domain
. - --ipv6-nd-mtu mtu-value
- Sets the maximum transmission
unit (MTU) for IPv6 neighbor discovery. Valid values range from 1280 through
65535. The format is
ctag:mtu
. - --ipv6-nd-managed-config flag
- Sets the managed
configuration flag for IPv6 router advertisement. The format is
ctag:managedflag
. - --ipv6-nd-other-config other-flag
- Sets the other configuration
flag for IPv6 router advertisement. The format is
ctag:otherflag
. - --ipv6-nd-prefix ipv6-prefix
- Configures the IPv6 prefix address in the
following format:
ctag:prefix1,prefix2
. - --ipv6-nd-prefix-valid-lifetime lifetime
- Sets IPv6 prefix valid lifetime from 0
through 4294967295 in seconds. The format is
ctag,prefix:validTime
. - --ipv6-nd-prefix-preferred-lifetime pref-lifetime
- Sets the IPv6 prefix preferred lifetime from
0 through 4294967295 in seconds. The format is
ctag,prefix:preferredTime
. - --ipv6-nd-prefix-no-advertise
- Enables the prevention of
prefix advertisement. The format is
ctag,prefix:noadvertiseflag
. - --ipv6-nd-prefix-config-type { no-autoconfig | no-onlink | off-link }
- Sets the configuration type
for the IPv6 prefix. The format is
ctag,prefix:configType
. - --single-homed-bfd-session-type { auto | software | hardware }
- Specifies the BFD session
type for the endpoint group. The default is
auto
, which means that the BFD session type is automatically determined based on the value of thetype
parameter: extension or L3 hand-off. - --ip-mtu mtu-value
- Sets the IP maximum
transmission unit (MTU) for the tenant network. Valid values range from 1280
through 9194. The format is
ctag:ip-mtu
. - --suppress-arp value
- Sets suppress-arp flag to
this network. The format is
ctag:suppress-arp
. Example: 1002:true. - --suppress-nd value
- Sets suppress-nd flag to
this network. The format is
ctag:suppress-nd
. Example: 1002:true. - --pp-mac-acl-in ext-mac-permit-any-mirror-acl
- xxx
- --pp-mac-acl-out ext-mac-permit-any-mirror-acl
- xxx
- --pp-ip-acl-in ext-ip-permit-any-mirror-acl
- xxx
- --pp-ip-acl-out ext-ip-permit-any-mirror-acl
- xxx
- --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl
- xxx
- --np-mac-acl-in ctag:ext-mac-permit-any-mirror-acl
- xxx
- --np-mac-acl-out ctag:ext-mac-permit-any-mirror-acl
- xxx
- --np-ip-acl-in ctag:ext-ip-permit-any-mirror-acl
- xxx
- --np-ip-acl-out ctag:ext-ip-permit-any-mirror-acl
- xxx
- --np-ipv6-acl-in ctag:ext-ipv6-permit-any-mirror-acl
- xxx
- --dhcpv4-relay-address-ip ipv4
- DHCP Server IPv4 Address
- --dhcpv6-relay-address-ip ipv6
- DHCP Server IPv6 Address
- --dhcpv4-relay-gateway-ip ipv4
- DHCP ipv4 relay gateway.
- --dhcpv4-relay-gateway-ip-interface ipv4
- DHCP ipv4 relay gateway ip interface.
- --dhcpv6-relay-gateway-ip-interface ipv6
- DHCP ipv6 relay gateway interface.
- --dhcpv4-relay-gateway-interface ipv4
- DHCP ipv4 relay gateway interface.
- --dhcpv6-relay-gateway-interface ipv6
- DHCP ipv6 relay gateway interface.
- --dhcpv6-relay-gateway-interface-ip ipv6
- DHCP ipv6 relay gateway interface ip.
Usage Guidelines
An empty endpoint group has no network-policy, network-property, or port-property.
An endpoint group can be created with a port-property but without a port-group. However, an endpoint group cannot be created with a port-group but without a port-property.
ARP suppression is enabled for all the possible broadcast domains, VLAN or BD, on the device.
CEP is handled by replicating all the tenant configuration on the MCT neighbor except for the endpoint configuration, because the endpoint does not exist on the MCT neighbor.
Event handling sets the corresponding tenant networks to the cfg-refreshed
state.
However, there is no way to re-push the refreshed configuration onto the
devices.
The value of --single-homed-bfd-session-type
is configured for one endpoint group
and then propagated to all Ethernet and single-homed port channel interfaces defined
for that endpoint group.
EFA does not distinguish between SRIOV (single-root input/output virtualization) and
non-SRIOV connections. Therefore, it treats both connections the same way. If you
want to use hardware-based BFD sessions for CEP non-SRIOV connections, then create
an endpoint group that contains all the CEP non-SRIOV connections and set the
--single-homed-bfd-session-type
to hardware
.
You use the --ip-mtu
parameter to configure the Maximum Transmission Unit (MTU) for the tenant network.
This value is then configured on the interface VE on the SLX device. The output of
the efa tenant epg show
--detail
command includes the configured --ip-mtu
<mtu-value>
.
Examples
This example creates a VLAN-based Layer 3 endpoint group.$ efa tenant epg create --name epg1 --tenant tenant11 --switchport-mode trunk --switchport-native-vlan 10 --switchport-native-vlan-tagging --port 10.20.216.15[0/11],10.20.216.16[0/11] --po po1 --vrf blue11 --ctag-range 10 --l2-vni 10:10010 --l3-vni 14191 --anycast-ip 10:10.10.10.1/24 --anycast-ipv6 10:10::1/125 --local-ip 10,10.20.216.15:1.1.10.3/28 --local-ip 10,10.20.216.16:1.1.10.4/28 --local-ipv6 10,10.20.216.15:10a:10::3/125 --local-ipv6 10,10.20.216.16:10a:10::4/125 --ipv6-nd-mtu 10:9000 --ipv6-nd-prefix 10:1002::/125,1003::/125,1004::/125 --ipv6-nd-prefix-valid-lifetime 10,1002::/125:infinite --ipv6-nd-prefix-preferred-lifetime 10,1002::/125:1020304 --ipv6-nd-prefix-valid-lifetime 10,1003::/125:1020304 --ipv6-nd-prefix-preferred-lifetime 10,1003::/125:1020304 --ipv6-nd-prefix-valid-lifetime 10,1004::/125:1020304 --ipv6-nd-prefix-preferred-lifetime 10,1004::/125:infinite --ipv6-nd-prefix-config-type 10,1004::/125:no-onlink --ipv6-nd-prefix-config-type 10,1003::/125:off-link --ipv6-nd-prefix-config-type 10,1002::/125:no-autoconfig --ipv6-nd-managed-config 10:true --ipv6-nd-other-config 10:true --ctag-description 10:Network-10 EndpointGroup created successfully. --- Time Elapsed: 16.922083265s ---This example creates a VLAN-based L3-hand-off endpoint group.
$ efa tenant epg create --tenant tenant11 --name epg2 --type l3-hand-off --switchport-mode trunk --port 10.20.216.15[0/18],10.20.216.16[0/18] --po po2 --vrf blue11 --ctag-range 12 --l2-vni 12:10012 --l3-vni 14191 --local-ipv6 12,10.20.216.16:10:12a::1/127 --local-ipv6 12,10.20.216.15:10:12a::2/127 --local-ip 12,10.20.216.16:1.1.12.1/29 --local-ip 12,10.20.216.15:1.1.12.2/29 EndpointGroup created successfully. --- Time Elapsed: 8.605943783s ---This example creates a bridge-domain-based Layer 3 endpoint group.
$ efa tenant epg create --tenant tenant21 --name epg3 --type extension --switchport-mode trunk --po po11 --ctag-range 1002 --bridge-domain 1002:Net-30002 --l2-vni 1002:30002 --vrf red11 --anycast-ip 1002:10.20.30.1/24 EndpointGroup created successfully. --- Time Elapsed: 13.469697138s ---This example creates a VLAN-based Layer 2 endpoint group.
$ efa tenant epg create --name epg4 --tenant tenant11 --ctag-range 101-103 --switchport-mode trunk-no-default-native --port 10.20.216.15[0/17] EndpointGroup created successfully. --- Time Elapsed: 19.83265s ---This example creates an endpoint group for which the BFD session type is automatically determined.
$ efa tenant epg create --name epg5 --tenant tenant11 --port 10.20.216.15[0/11] ,10.20.216.16[0/11] --po po1 --switchport-mode trunk --single-homed-bfd-session-type autoThis example creates an endpoint group with MTU values for Ctag 11 and Ctag 12.
$ efa tenant epg create --name ten1epg1 --tenant ten1 --port 10.20.246.17[0/1], 10.20.246.18[0/1] --switchport-mode trunk --ctag-range 11-12 --anycast-ip11:10.0.11.1/24 --anycast-ip12:10.0.12.1/24 --anycast-ipv6 11:11::1/127 --anycast-ipv6 12:12::1/127 --vrf ten1vrf1 --ip-mtu 11:7900 --ip-mtu 12:8900