efa tenant epg create

Creates a Layer 3 endpoint group.

Syntax

efa tenant epg create [--name epg-name | --tenant tenant-name | --description desc | --port ip-ethport | --po po-name | --switchport-mode { access | trunk | trunk-no-default-native } | --type { l3-hand-off | extension | port-profile } | --switchport-native-vlan-tagging | --switchport-native-vlan value | --ctag-range range | --ctag description desc |--vrf vrf-name | --l3-vni vni | --l2-vni vni | --anycast-ip ipv4 | --anycast-ipv6 ipv6 |--local-ip ipv4 | --local-ipv6 ipv6| --bridge-domain bd-name | --ipv6-nd-mtu mtu-value | --ipv6-nd-managed-config flag | --ipv6-nd-other-config other-flag | --ipv6-nd-prefix ipv6-prefix | --ipv6-nd-prefix-valid-lifetime lifetime | --ipv6-nd-prefix-preferred-lifetime pref-lifetime | --ipv6-nd-prefix-no-advertise | --ipv6-nd-prefix-config-type { no-autoconfig | no-onlink | off-link } | --single-homed-bfd-session-type { auto | software | hardware } | --ip-mtu mtu-value | --suppress-arp array | --suppress-nd array | --pp-mac-acl-in ext-mac-permit-any-mirror-acl | --pp-mac-acl-out ext-mac-permit-any-mirror-acl | --pp-ip-acl-in ext-ip-permit-any-mirror-acl | --pp-ip-acl-out ext-ip-permit-any-mirror-acl | --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl | --np-mac-acl-in ctag:ext-mac-permit-any-mirror-acl | --np-mac-acl-out ctag:ext-mac-permit-any-mirror-acl | --np-ip-acl-in ctag:ext-ip-permit-any-mirror-acl | --np-ip-acl-out ctag:ext-ip-permit-any-mirror-acl | --np-ipv6-acl-in ctag:ext-ipv6-permit-any-mirror-acl | --dhcpv4-relay-address-ip ipv4 | --dhcpv6-relay-address-ip ipv6 | --dhcpv4-relay-gateway-ip ipv4 | --dhcpv4-relay-gateway-ip-interface ipv4 | --dhcpv6-relay-gateway-ip-interface ipv6 | --dhcpv4-relay-gateway-interface ipv4 | --dhcpv6-relay-gateway-interface ipv6 | --dhcpv6-relay-gateway-interface-ip ipv6 | --help ]

Parameters

--name epg-name
Specifies the name of the endpoint group.
--tenant tenant-name
Specifies the name of the associated tenant.
--description desc
Describes the endpoint group.
--port ip-ethport
Specifies the device IP address and Ethernet port details. Example: SW1_IP[0/1], SW2_IP[0/5,0/6], SW3_IP[0/7-10]
--po po-name
Lists port channels. Example: po1, po2
--switchport-mode { access | trunk | trunk-no-default-native }
Configures switch port mode on the interfaces. The default is trunk.
--type { l3-hand-off | extension | port-profile }
Configures the BGP service type. Valid values are l3-hand-off, port-profile, or extension. The default is extension.
--switchport-native-vlan-tagging
Enables the native VLAN characteristics on the ports of this endpoint group. Valid only if the switchport-mode parameter is set to trunk.
--switchport-native-vlan value
Configures native VLAN on the interfaces. Valid values are 2 through 4090, corresponding to the value of the ctag-range parameter.
--ctag-range range
Specifies the customer VLAN range in comma and hyphen separated format. Example: 2-20,30,40,50-55.
--ctag-description desc
Specifies a unique description of the ctag in the following format: ctag:l2-vni.
--vrf vrf-name
Specifies the VRF to which these networks are attached.
--l3-vni vni
Specifies the Layer 3 VNI to be used for this VRF.
--l2-vni vni
Specifies the Layer 2 VNI to be used for this network in the following format: ctag:l2-vni.
--anycast-ip ipv4
Specifies the IPv4 anycast address in the following format: ctag:anycast-ip.
--anycast-ipv6 ipv6
Specifies the IPv6 anycast address in the following format: ctag:anycast-ipv6.
--local-ip ipv4
Specifies the IPv4 local address in the following format: ctag,device-ip:local-ip.
--local-ipv6 ipv6
Specifies the IPv6 local address in the following format: ctag,device-ip:local-ipv6.
--bridge-domain bd-name
Specifies the bridge domain name in the following format: ctag:bridge-domain.
--ipv6-nd-mtu mtu-value
Sets the maximum transmission unit (MTU) for IPv6 neighbor discovery. Valid values range from 1280 through 65535. The format is ctag:mtu.
--ipv6-nd-managed-config flag
Sets the managed configuration flag for IPv6 router advertisement. The format is ctag:managedflag.
--ipv6-nd-other-config other-flag
Sets the other configuration flag for IPv6 router advertisement. The format is ctag:otherflag.
--ipv6-nd-prefix ipv6-prefix
Configures the IPv6 prefix address in the following format: ctag:prefix1,prefix2.
--ipv6-nd-prefix-valid-lifetime lifetime
Sets IPv6 prefix valid lifetime from 0 through 4294967295 in seconds. The format is ctag,prefix:validTime.
--ipv6-nd-prefix-preferred-lifetime pref-lifetime
Sets the IPv6 prefix preferred lifetime from 0 through 4294967295 in seconds. The format is ctag,prefix:preferredTime.
--ipv6-nd-prefix-no-advertise
Enables the prevention of prefix advertisement. The format is ctag,prefix:noadvertiseflag.
--ipv6-nd-prefix-config-type { no-autoconfig | no-onlink | off-link }
Sets the configuration type for the IPv6 prefix. The format is ctag,prefix:configType.
--single-homed-bfd-session-type { auto | software | hardware }
Specifies the BFD session type for the endpoint group. The default is auto, which means that the BFD session type is automatically determined based on the value of the type parameter: extension or L3 hand-off.
--ip-mtu mtu-value
Sets the IP maximum transmission unit (MTU) for the tenant network. Valid values range from 1280 through 9194. The format is ctag:ip-mtu.
--suppress-arp value
Sets suppress-arp flag to this network. The format is ctag:suppress-arp. Example: 1002:true.
--suppress-nd value
Sets suppress-nd flag to this network. The format is ctag:suppress-nd. Example: 1002:true.
--pp-mac-acl-in ext-mac-permit-any-mirror-acl
xxx
--pp-mac-acl-out ext-mac-permit-any-mirror-acl
xxx
--pp-ip-acl-in ext-ip-permit-any-mirror-acl
xxx
--pp-ip-acl-out ext-ip-permit-any-mirror-acl
xxx
--pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl
xxx
--np-mac-acl-in ctag:ext-mac-permit-any-mirror-acl
xxx
--np-mac-acl-out ctag:ext-mac-permit-any-mirror-acl
xxx
--np-ip-acl-in ctag:ext-ip-permit-any-mirror-acl
xxx
--np-ip-acl-out ctag:ext-ip-permit-any-mirror-acl
xxx
--np-ipv6-acl-in ctag:ext-ipv6-permit-any-mirror-acl
xxx
--dhcpv4-relay-address-ip ipv4
DHCP Server IPv4 Address
--dhcpv6-relay-address-ip ipv6
DHCP Server IPv6 Address
--dhcpv4-relay-gateway-ip ipv4
DHCP ipv4 relay gateway.
--dhcpv4-relay-gateway-ip-interface ipv4
DHCP ipv4 relay gateway ip interface.
--dhcpv6-relay-gateway-ip-interface ipv6
DHCP ipv6 relay gateway interface.
--dhcpv4-relay-gateway-interface ipv4
DHCP ipv4 relay gateway interface.
--dhcpv6-relay-gateway-interface ipv6
DHCP ipv6 relay gateway interface.
--dhcpv6-relay-gateway-interface-ip ipv6
DHCP ipv6 relay gateway interface ip.

Usage Guidelines

An empty endpoint group has no network-policy, network-property, or port-property.

An endpoint group can be created with a port-property but without a port-group. However, an endpoint group cannot be created with a port-group but without a port-property.

ARP suppression is enabled for all the possible broadcast domains, VLAN or BD, on the device.

CEP is handled by replicating all the tenant configuration on the MCT neighbor except for the endpoint configuration, because the endpoint does not exist on the MCT neighbor.

Event handling sets the corresponding tenant networks to the cfg-refreshed state. However, there is no way to re-push the refreshed configuration onto the devices.

The value of --single-homed-bfd-session-type is configured for one endpoint group and then propagated to all Ethernet and single-homed port channel interfaces defined for that endpoint group.

EFA does not distinguish between SRIOV (single-root input/output virtualization) and non-SRIOV connections. Therefore, it treats both connections the same way. If you want to use hardware-based BFD sessions for CEP non-SRIOV connections, then create an endpoint group that contains all the CEP non-SRIOV connections and set the --single-homed-bfd-session-type to hardware.

You use the --ip-mtu parameter to configure the Maximum Transmission Unit (MTU) for the tenant network. This value is then configured on the interface VE on the SLX device. The output of the efa tenant epg show --detail command includes the configured --ip-mtu <mtu-value>.

Examples

This example creates a VLAN-based Layer 3 endpoint group.
$ efa tenant epg create --name epg1 --tenant tenant11 --switchport-mode trunk 
--switchport-native-vlan 10 --switchport-native-vlan-tagging --port 10.20.216.15[0/11],10.20.216.16[0/11] 
--po po1 --vrf blue11 --ctag-range 10 --l2-vni 10:10010 --l3-vni 14191 --anycast-ip 10:10.10.10.1/24 
--anycast-ipv6 10:10::1/125 --local-ip 10,10.20.216.15:1.1.10.3/28  --local-ip 10,10.20.216.16:1.1.10.4/28 
--local-ipv6 10,10.20.216.15:10a:10::3/125 --local-ipv6 10,10.20.216.16:10a:10::4/125 --ipv6-nd-mtu 10:9000  
--ipv6-nd-prefix 10:1002::/125,1003::/125,1004::/125 --ipv6-nd-prefix-valid-lifetime 10,1002::/125:infinite 
--ipv6-nd-prefix-preferred-lifetime 10,1002::/125:1020304 --ipv6-nd-prefix-valid-lifetime 10,1003::/125:1020304 
--ipv6-nd-prefix-preferred-lifetime 10,1003::/125:1020304 --ipv6-nd-prefix-valid-lifetime 10,1004::/125:1020304 
--ipv6-nd-prefix-preferred-lifetime 10,1004::/125:infinite --ipv6-nd-prefix-config-type 10,1004::/125:no-onlink 
--ipv6-nd-prefix-config-type 10,1003::/125:off-link --ipv6-nd-prefix-config-type 10,1002::/125:no-autoconfig 
--ipv6-nd-managed-config 10:true --ipv6-nd-other-config 10:true --ctag-description 10:Network-10

EndpointGroup created successfully.

--- Time Elapsed: 16.922083265s ---
This example creates a VLAN-based L3-hand-off endpoint group.
$ efa tenant epg create --tenant tenant11 --name epg2 
--type l3-hand-off --switchport-mode trunk --port 10.20.216.15[0/18],10.20.216.16[0/18] --po po2 
--vrf blue11 --ctag-range 12 --l2-vni 12:10012 --l3-vni 14191 --local-ipv6 12,10.20.216.16:10:12a::1/127 
--local-ipv6 12,10.20.216.15:10:12a::2/127 --local-ip 12,10.20.216.16:1.1.12.1/29 
--local-ip 12,10.20.216.15:1.1.12.2/29

EndpointGroup created successfully.

--- Time Elapsed: 8.605943783s ---
This example creates a bridge-domain-based Layer 3 endpoint group.
$ efa tenant epg create --tenant tenant21 --name epg3 --type extension 
--switchport-mode trunk --po po11 --ctag-range 1002 --bridge-domain 1002:Net-30002 --l2-vni 1002:30002  
--vrf red11 --anycast-ip 1002:10.20.30.1/24

EndpointGroup created successfully.

--- Time Elapsed: 13.469697138s ---
This example creates a VLAN-based Layer 2 endpoint group.
$ efa tenant epg create --name epg4 --tenant tenant11 
--ctag-range 101-103 --switchport-mode trunk-no-default-native --port 10.20.216.15[0/17]

EndpointGroup created successfully.

--- Time Elapsed: 19.83265s ---
This example creates an endpoint group for which the BFD session type is automatically determined.
$ efa tenant epg create --name epg5 --tenant tenant11 --port 10.20.216.15[0/11]
,10.20.216.16[0/11] --po po1 --switchport-mode trunk --single-homed-bfd-session-type auto
This example creates an endpoint group with MTU values for Ctag 11 and Ctag 12.
$ efa tenant epg create --name ten1epg1 --tenant ten1 --port 10.20.246.17[0/1],
10.20.246.18[0/1] --switchport-mode trunk --ctag-range 11-12 --anycast-ip11:10.0.11.1/24 
--anycast-ip12:10.0.12.1/24 --anycast-ipv6 11:11::1/127 --anycast-ipv6 12:12::1/127 
--vrf ten1vrf1 --ip-mtu 11:7900 --ip-mtu 12:8900