Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  EVPN / VXLAN

    Posted 10-06-2021 05:32
    I'm working on a lab to get basic vxlan working, but have hit a road block .  I have a QFX(simulating Core/Dist) connected to two EX 4400s(simulating Aggs) with a laptop connected to eah agg.  Both laptops are on the same subnet.   I have ebgp seem to be populating the bgp.evpn.0 table on both aggs and the laptops seem to be populating the arp table. The problem i am having that pings are unsuccessful.  If i try to ping the laptop connected to the agg, the pings fail. If i try to ping the laptop connected to the vxlan partner agg, the pings fail.  If i try pinging the gateway from the laptop, the pings fail. Any one have any thoughts on what i missed?


    {master:0}
    user1@CHEM-175-AGG> show route table bgp.evpn.0

    bgp.evpn.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    1:129.120.213.3:0::050000fe4c000013ec00::FFFF:FFFF/192 AD/ESI
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    1:129.120.213.18:0::050000fe4c000013ec00::FFFF:FFFF/192 AD/ESI
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.3:1::5100::00:00:5e:00:01:01/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::00:cc:34:f0:23:80/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::9c:eb:e8:c2:cf:7d/304 MAC/IP
    *[BGP/170] 18:23:11, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.18:1::5100::00:00:5e:00:01:01/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::00:cc:34:f0:27:80/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::5c:26:0a:68:b7:5a/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.3:1::5100::00:00:5e:00:01:01::10.126.37.250/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::00:cc:34:f0:23:80::10.126.36.2/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::9c:eb:e8:c2:cf:7d::10.126.37.4/304 MAC/IP
    *[BGP/170] 18:23:11, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.18:1::5100::00:00:5e:00:01:01::10.126.37.250/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::00:cc:34:f0:27:80::10.126.36.1/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::5c:26:0a:68:b7:5a::10.126.36.4/304 MAC/IP
    *[EVPN/170] 17:01:13
    Indirect
    3:129.120.213.3:1::5100::129.120.213.3/248 IM
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    3:129.120.213.18:1::5100::129.120.213.18/248 IM
    *[EVPN/170] 16:59:19
    Indirect
    6:129.120.213.3:1::5100::239.255.255.250::129.120.213.3/520
    *[BGP/170] 17:06:18, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    6:129.120.213.18:1::5100::239.255.255.250::129.120.213.18/520
    *[EVPN/170] 17:01:16
    Indirect

    {master:0}
    user1@CHEM-175-AGG> show arp no-resolve
    MAC Address Address Interface Flags
    00:cc:34:f0:23:80 10.126.36.2 irb.2997 [vtep.32769] permanent remote
    5c:26:0a:68:b7:5a 10.126.36.4 irb.2997 [ge-0/0/47.0] permanent remote
    9c:eb:e8:c2:cf:7d 10.126.37.4 irb.2997 [vtep.32769] permanent remote
    d4:04:ff:b1:54:00 129.120.213.122 irb.636 [ae0.0] none
    Total entries: 4

    {master:0}
    user1@CHEM-175-AGG> ...vxlan-tunnel-end-point source
    Logical System Name Id SVTEP-IP IFL L3-Idx SVTEP-Mode
    <default> 0 129.120.213.18 lo0.0 0
    L2-RTT Bridge Domain VNID Translation-VNID MC-Group-IP
    default-switch VLAN2997+2997 5100 0.0.0.0

    {master:0}
    user1@CHEM-175-AGG> ...hernet-switching vxlan-tunnel-end-point remote
    Logical System Name Id SVTEP-IP IFL L3-Idx SVTEP-Mode
    <default> 0 129.120.213.18 lo0.0 0
    RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode Flags
    129.120.213.3 default-switch 561 vtep.32769 1864 RNVE
    VNID MC-Group-IP
    5100 0.0.0.0

    ------------------------------
    Mark Evans
    ------------------------------


  • 2.  RE: EVPN / VXLAN

    Posted 10-07-2021 13:24
    any chance you can provide the configs of the agg switches?  Also, it appears that the output shown are only from one agg.  What does a show evpn instance extensive show?


  • 3.  RE: EVPN / VXLAN

    Posted 10-07-2021 15:21
    or course.  pasted below is the requested information.



    ============== CHEM AGG =================================

    set policy-options policy-statement STATIC-TO-OSPF term export_static from protocol static
    set policy-options policy-statement STATIC-TO-OSPF term export_static then accept
    set policy-options policy-statement STATIC-TO-OSPF term loopback from protocol direct
    set policy-options policy-statement STATIC-TO-OSPF term loopback from interface lo0.0
    set policy-options policy-statement STATIC-TO-OSPF term loopback then accept
    set policy-options policy-statement STATIC-TO-OSPF to protocol ospf
    set policy-options policy-statement STATIC-TO-OSPF then accept
    set protocols ospf area 0.0.0.138 nssa default-lsa
    set protocols ospf area 0.0.0.138 nssa no-summaries
    set protocols ospf area 0.0.0.138 interface lo0.0 passive
    set protocols ospf area 0.0.0.138 interface irb.2997 passive
    set protocols ospf export STATIC-TO-OSPF
    set protocols bgp group overlay type internal
    set protocols bgp group overlay multihop
    set protocols bgp group overlay local-address 129.120.213.18
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay neighbor 129.120.213.3
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list all
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 129.120.213.18:1
    set switch-options vrf-target target:65100:5000
    set routing-options router-id 129.120.213.18
    set routing-options autonomous-system 65100
    set routing-options static route 0.0.0.0/0 next-hop 129.120.7.250
    set routing-options multicast forwarding-cache timeout 720
    set vlans VLAN2997 description "AITS IP Camera"
    set vlans VLAN2997 vlan-id 2997
    set vlans VLAN2997 l3-interface irb.2997
    set vlans VLAN2997 vxlan vni 5100
    set vlans VLAN2997 vxlan ingress-node-replication
    set interfaces irb unit 2997 virtual-gateway-accept-data
    set interfaces irb unit 2997 description "AITS IP Camera"
    set interfaces irb unit 2997 family inet address 10.126.36.1/23 virtual-gateway-address 10.126.37.250
    set interfaces ge-0/0/47 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members 2997







    {master:0}
    mevans@CHEM-175-AGG> show evpn instance extensive| no-more
    eInstance: __default_evpn__
    Route Distinguisher: 129.120.213.18:0
    Number of bridge domains: 0
    Number of neighbors: 0

    Instance: default-switch
    Route Distinguisher: 129.120.213.18:1
    Encapsulation type: VXLAN
    Duplicate MAC detection threshold: 5
    Duplicate MAC detection window: 180
    MAC database status Local Remote
    MAC advertisements: 2 3
    MAC+IP advertisements: 3 3
    Default gateway MAC advertisements: 2 1
    Number of local interfaces: 3 (2 up)
    r Interface name ESI Mode Status AC-Role
    .local..5 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    ge-0/0/47.0 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    ge-0/0/48.0 00:00:00:00:00:00:00:00:00:00 single-homed Down Root
    Number of IRB interfaces: 1 (1 up)
    Interface name VLAN VNI Status L3 context
    irb.2997 5100 Up master
    Number of protect interfaces: 0
    Number of bridge domains: 1
    VLAN Domain-ID Intfs/up IRB-intf Mode MAC-sync IM-label MAC-label v4-SG-sync IM-core-NH v6-SG-sync IM-core-NH Trans-ID
    2997 5100 2 1 irb.2997 Extended Enabled 5100 Enabled 131071 Disabled 5100
    Number of neighbors: 1
    l Address MAC MAC+IP AD IM ES Leaf-label Remote-DCI-Peer
    129.120.213.3 3 3 1 1 0
    Number of ethernet segments: 1
    ESI: 05:00:00:fe:4c:00:00:13:ec:00
    Local interface: irb.2997, Status: Up/Forwarding
    Number of remote PEs connected: 1
    Remote-PE MAC-label Aliasing-label Mode
    129.120.213.3 5100 0 all-active
    Router-ID: 129.120.213.18
    Source VTEP interface IP: 129.120.213.18
    SMET Forwarding: Enabled: Nexthop Limit: 10000 Nexthop Usage: 1

    {master:0}
    mevans@CHEM-175-AGG> ...120.213.3 mac 9c:eb:e8:c2:cf:7d count 2

    ping-overlay protocol vxlan

    vni 5100
    tunnel src ip 129.120.213.18
    tunnel dst ip 129.120.213.3
    mac address 9c:eb:e8:c2:cf:7d
    count 2
    ttl 255

    WARNING: following hash-parameters are missing -
    hash computation may not succeed

    end-host smac
    end-host dmac
    end-host src ip
    end-host dst ip
    end-host input-ifd-idx
    end-host protocol
    end-host l4-src-port
    end-host l4-dst-port

    Request for seq 1, to 129.120.213.3, at Oct 07 2021 13:59:08.947 CDT
    Response for seq 1, from 129.120.213.3, at Oct 07 2021 13:59:11.764 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.3

    End-System Present


    Request for seq 2, to 129.120.213.3, at Oct 07 2021 13:59:09.947 CDT
    Response for seq 2, from 129.120.213.3, at Oct 07 2021 13:59:12.765 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.3

    End-System Present


    {master:0}
    mevans@CHEM-175-AGG> show arp | no-more
    MAC Address Address Name Interface Flags
    00:cc:34:f0:23:80 10.126.36.2 10.126.36.2 irb.2997 [vtep.32769] permanent remote
    5c:26:0a:68:b7:5a 10.126.36.4 10.126.36.4 irb.2997 [ge-0/0/47.0] permanent remote
    9c:eb:e8:c2:cf:7d 10.126.37.4 10.126.37.4 irb.2997 [vtep.32769] permanent remote
    d4:04:ff:b1:54:00 129.120.213.122 129.120.213.122 irb.636 [ae0.0] none
    Total entries: 4

    {master:0}
    mevans@CHEM-175-AGG>



    ======================= WH AGG =========================================
    set policy-options policy-statement STATIC-TO-OSPF term export_static from protocol static
    set policy-options policy-statement STATIC-TO-OSPF term export_static then accept
    set policy-options policy-statement STATIC-TO-OSPF term loopback from protocol direct
    set policy-options policy-statement STATIC-TO-OSPF term loopback from interface lo0.0
    set policy-options policy-statement STATIC-TO-OSPF term loopback then accept
    set policy-options policy-statement STATIC-TO-OSPF to protocol ospf
    set policy-options policy-statement STATIC-TO-OSPF then accept
    set protocols ospf area 0.0.0.46 nssa default-lsa
    set protocols ospf area 0.0.0.46 nssa no-summaries
    set protocols ospf area 0.0.0.46 interface lo0.0 passive
    set protocols ospf area 0.0.0.46 interface irb.2997 passive
    set protocols ospf export STATIC-TO-OSPF
    set protocols bgp group overlay type internal
    set protocols bgp group overlay multihop
    set protocols bgp group overlay local-address 129.120.213.3
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay neighbor 129.120.213.18
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list all
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 129.120.213.3:1
    set switch-options vrf-target target:65100:5000
    set routing-options router-id 129.120.213.3
    set routing-options autonomous-system 65100
    set routing-options static route 0.0.0.0/0 next-hop 129.120.7.250
    set routing-options multicast forwarding-cache timeout 720
    set vlans VLAN2997 description "AITS IP Camera"
    set vlans VLAN2997 vlan-id 2997
    set vlans VLAN2997 l3-interface irb.2997
    set vlans VLAN2997 vxlan vni 5100
    set vlans VLAN2997 vxlan ingress-node-replication
    set interfaces irb unit 2997 virtual-gateway-accept-data
    set interfaces irb unit 2997 description "AITS IP Camera"
    set interfaces irb unit 2997 family inet address 10.126.36.1/23 virtual-gateway-address 10.126.37.250
    set interfaces ge-0/0/47 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members 2997


    {master:0}
    mevans@WH-150-AGG> show evpn instance extensive| no-more
    eInstance: __default_evpn__
    Route Distinguisher: 129.120.213.3:0
    Number of bridge domains: 0
    Number of neighbors: 0

    Instance: default-switch
    Route Distinguisher: 129.120.213.3:1
    Encapsulation type: VXLAN
    Duplicate MAC detection threshold: 5
    Duplicate MAC detection window: 180
    MAC database status Local Remote
    MAC advertisements: 2 3
    MAC+IP advertisements: 3 3
    Default gateway MAC advertisements: 2 1
    r Number of local interfaces: 2 (2 up)
    Interface name ESI Mode Status AC-Role
    .local..5 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    ge-0/0/47.0 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    Number of IRB interfaces: 1 (1 up)
    Interface name VLAN VNI Status L3 context
    irb.2997 5100 Up master
    Number of protect interfaces: 0
    Number of bridge domains: 1
    VLAN Domain-ID Intfs/up IRB-intf Mode MAC-sync IM-label MAC-label v4-SG-sync IM-core-NH v6-SG-sync IM-core-NH Trans-ID
    2997 5100 1 1 irb.2997 Extended Enabled 5100 Enabled 131072 Disabled 5100
    Number of neighbors: 1
    l Address MAC MAC+IP AD IM ES Leaf-label Remote-DCI-Peer
    129.120.213.18 3 3 1 1 0
    Number of ethernet segments: 1
    ESI: 05:00:00:fe:4c:00:00:13:ec:00
    Local interface: irb.2997, Status: Up/Forwarding
    Number of remote PEs connected: 1
    Remote-PE MAC-label Aliasing-label Mode
    129.120.213.18 5100 0 all-active
    Router-ID: 129.120.213.3
    Source VTEP interface IP: 129.120.213.3
    SMET Forwarding: Enabled: Nexthop Limit: 10000 Nexthop Usage: 1

    {master:0}
    mevans@WH-150-AGG> ...20.213.18 mac 5c:26:0a:68:b7:5a count 2

    ping-overlay protocol vxlan

    vni 5100
    tunnel src ip 129.120.213.3
    tunnel dst ip 129.120.213.18
    mac address 5c:26:0a:68:b7:5a
    count 2
    ttl 255

    WARNING: following hash-parameters are missing -
    hash computation may not succeed

    end-host smac
    end-host dmac
    end-host src ip
    end-host dst ip
    end-host input-ifd-idx
    end-host protocol
    end-host l4-src-port
    end-host l4-dst-port

    Request for seq 1, to 129.120.213.18, at Oct 07 2021 13:56:33.739 CDT
    Response for seq 1, from 129.120.213.18, at Oct 07 2021 13:56:30.924 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.18

    End-System Present


    Request for seq 2, to 129.120.213.18, at Oct 07 2021 13:56:34.739 CDT
    Response for seq 2, from 129.120.213.18, at Oct 07 2021 13:56:31.925 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.18

    End-System Present


    {master:0}
    mevans@WH-150-AGG> show arp | no-more
    MAC Address Address Name Interface Flags
    00:cc:34:f0:27:80 10.126.36.1 10.126.36.1 irb.2997 [vtep.32769] permanent remote
    5c:26:0a:68:b7:5a 10.126.36.4 10.126.36.4 irb.2997 [vtep.32769] permanent remote
    9c:eb:e8:c2:cf:7d 10.126.37.4 10.126.37.4 irb.2997 [ge-0/0/47.0] permanent remote
    d4:04:ff:b1:54:00 129.120.213.62 129.120.213.62 irb.606 [ae0.0] none
    Total entries: 4

    {master:0}
    mevans@WH-150-AGG>



    ------------------------------
    Mark Evans
    ------------------------------



  • 4.  RE: EVPN / VXLAN

    Posted 10-07-2021 13:28
    You mind sharing your configs on the agg switches?  Also, the above outputs only appear to be from one of the agg switches, not both.  What does a show evpn instance extensive show??