Update an endpoint group.
trunk
.switchport-mode
flag is set to
trunk
.ctag-range
parameter.ctag:l2-vni
.ctag:l2-vni
.ctag:anycast-ip
.ctag,device-ip:local-ipv6
.ctag,device-ip:local-ip
.ctag:bridge-domain
.auto
, which means that the
BFD session type is automatically determined based on the value of the
--type
parameter: extension or L3 hand-off. ctag:ip-mtu
.Apply MAC ACL for mirror action in ingress direction on ethernet / portchannel interfaces. The only supported ACL name is ext-mac-permit-any-mirror-acl and only supported ACL type is extended. Format --pp-mac-acl-in <acl-name>. Example: --pp-mac-acl-in ext-mac-permit-any-mirror-acl.
Apply MAC ACL for mirror action in egress direction on ethernet / portchannel interfaces. The only supported ACL name is ext-mac-permit-any-mirror-acl and only supported ACL type is extended. Format --pp-mac-acl-out <acl-name>. Example: --pp-mac-acl-out ext-mac-permit-any-mirror-acl.
Apply IP ACL for mirror action in ingress direction on ethernet / portchannel interfaces. The only supported ACL name is ext-ip-permit-any-mirror-acl and only supported ACL type is extended. Format --pp-ip-acl-in <acl-name>. Example: --pp-ip-acl-in ext-ip-permit-any-mirror-acl.
Apply IP ACL for mirror action in egress direction on ethernet / portchannel interfaces. The only supported ACL name is ext-ip-permit-any-mirror-acl and only supported ACL type is extended. Format --pp-ip-acl-out <acl-name>. Example: --pp-ip-acl-out ext-ip-permit-any-mirror-acl.
Apply IPv6 ACL for mirror action in ingress direction on ethernet / portchannel interfaces. The only supported ACL name is ext-ipv6-permit-any-mirror-acl and only supported ACL type is extended. Format --pp-ipv6-acl-in <acl-name>. Example: --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl.
Apply MAC ACL for mirror action in ingress direction on vlan. The only supported ACL name is ext-mac-permit-any-mirror-acl and only supported ACL type is extended. Format --np-mac-acl-in <ctag:acl-name>. Example: --np-mac-acl-in 101:ext-mac-permit-any-mirror-acl.
Apply MAC ACL for mirror action in egress direction on vlan. The only supported ACL name is ext-mac-permit-any-mirror-acl and only supported ACL type is extended. Format --np-mac-acl-out <ctag:acl-name>. Example: --np-mac-acl-out 101:ext-mac-permit-any-mirror-acl.
Apply IP ACL for mirror action in ingress direction on ve interface. The only supported ACL name is ext-ip-permit-any-mirror-acl and only supported ACL type is extended. Format --np-ip-acl-in <ctag:acl-name>. Example: --np-ip-acl-in 101:ext-ip-permit-any-mirror-acl.
Apply IP ACL for mirror action in egress direction on ve interface. The only supported ACL name is ext-ip-permit-any-mirror-acl and only supported ACL type is extended. Format --np-ip-acl-out <ctag:acl-name>. Example: --np-ip-acl-out 101:ext-ip-permit-any-mirror-acl.
Apply IPv6 ACL for mirror action in ingress direction on ve interface. The only supported ACL name is ext-ipv6-permit-any-mirror-acl and only supported ACL type is extended. Format --np-ipv6-acl-in <ctag:acl-name>. Example: --np-ipv6-acl-in 101:ext-ipv6-permit-any-mirror-acl.
An empty endpoint group has no network-policy, network-property, or port-property.
An endpoint group can be created with a port-property and without a port-group. But an endpoint group cannot be created with a port-group and without a port-property.
ARP suppression is enabled for all the possible broadcast domains VLAN or BD on the device.
CEP is handled by replicating all the tenant configuration on the MCT neighbor except for the endpoint configuration, since the endpoint does not exist on the MCT neighbor.
The update operation for a bridge domain-based endpoint group is similar to that of a VLAN-based endpoint group. During a port-group add or delete operation, the logical interface configurations will be created or deleted for the existing ctags, and the corresponding bridge-domains.
During a ctag-range-add
or delete
operation, the logical
interface and bridge-domain configurations are updated on the endpoint group.
During vrf-add
or delete
operation, the corresponding Layer
3 configurations are added to or deleted from the endpoint group.
Event handling sets the corresponding tenant networks to the
cfg-refreshed
state. However, there is no way to re-push the
refreshed configuration onto the devices.
The value of --single-homed-bfd-session-type
is configured for one endpoint group
and then propagated to all Ethernet and single-homed port channel interfaces defined
for that endpoint group.
XCO does not distinguish between SRIOV (single-root input/output
virtualization) and non-SRIOV connections. Therefore, it treats both connections the
same way. If you want to use hardware-based BFD sessions for CEP non-SRIOV
connections, then create an endpoint group that contains all the CEP non-SRIOV
connections and set the --single-homed-bfd-session-type
to hardware
.
During vrf-add
and ctag-range-add
operations, you can use the --ip-mtu
parameter to configure the MTU for the tenant network. This
value is then configured on the interface VE on the SLX device. The output of the
efa tenant epg show
--detail
command includes the configured --ip-mtu <mtu-value>
.
The following example adds a port to the endpoint group.
$ efa tenant epg update --name epg1 --tenant tenant11 --operation port-group-add --port 10.20.216.15[0/20] EndpointGroup updated successfully. --- Time Elapsed: 32.208253521s ---
The following example adds a Ctag with network properties to endpoint group.
$ efa tenant epg update --name epg1 --tenant tenant11 --operation ctag-range-add --ctag-range 100 --anycast-ip 100:1.1.100.1/24 --local-ip 100,10.20.216.15:100.100.1.1/28 EndpointGroup updated successfully. --- Time Elapsed: 37.428381252s ---The following example adds a automatic BFD session type to an endpoint group.
$ efa tenant epg update --name epg5 --tenant tenant11 --operation port-group-add --port 10.20.216.15[0/11],10.20.216.16[0/11] --po po1 --switchport-mode trunk --single-homed-bfd-session-type autoThe following example configures the MTU during a
vrf-add
operation.$ efa tenant epg update --name ten1epg1 --tenant ten1 --operation vrf-add --anycast-ip11:10.0.11.1/24 --anycast-ipv6 11:11::1/127 --vrf ten1vrf1 --ip-mtu 11:5990The following example configures the MTU during a
ctag-range-add
operation.$ efa tenant epg update --name ten1epg1 --tenant ten1 --operation ctag-range-add --ctag-range 212 --anycast-ip 213:33.1.1.1/24 --anycast-ipv6 213:12::1/127 --ip-mtu 213:6990 --ip-icmp-redirect 213:true --ipv6-icmp-redirect 213:true