Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  EVPN / VXLAN

    Posted 10-06-2021 05:32
    I'm working on a lab to get basic vxlan working, but have hit a road block .  I have a QFX(simulating Core/Dist) connected to two EX 4400s(simulating Aggs) with a laptop connected to eah agg.  Both laptops are on the same subnet.   I have ebgp seem to be populating the bgp.evpn.0 table on both aggs and the laptops seem to be populating the arp table. The problem i am having that pings are unsuccessful.  If i try to ping the laptop connected to the agg, the pings fail. If i try to ping the laptop connected to the vxlan partner agg, the pings fail.  If i try pinging the gateway from the laptop, the pings fail. Any one have any thoughts on what i missed?


    {master:0}
    user1@CHEM-175-AGG> show route table bgp.evpn.0

    bgp.evpn.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    1:129.120.213.3:0::050000fe4c000013ec00::FFFF:FFFF/192 AD/ESI
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    1:129.120.213.18:0::050000fe4c000013ec00::FFFF:FFFF/192 AD/ESI
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.3:1::5100::00:00:5e:00:01:01/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::00:cc:34:f0:23:80/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::9c:eb:e8:c2:cf:7d/304 MAC/IP
    *[BGP/170] 18:23:11, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.18:1::5100::00:00:5e:00:01:01/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::00:cc:34:f0:27:80/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::5c:26:0a:68:b7:5a/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.3:1::5100::00:00:5e:00:01:01::10.126.37.250/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::00:cc:34:f0:23:80::10.126.36.2/304 MAC/IP
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.3:1::5100::9c:eb:e8:c2:cf:7d::10.126.37.4/304 MAC/IP
    *[BGP/170] 18:23:11, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    2:129.120.213.18:1::5100::00:00:5e:00:01:01::10.126.37.250/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::00:cc:34:f0:27:80::10.126.36.1/304 MAC/IP
    *[EVPN/170] 17:01:18
    Indirect
    2:129.120.213.18:1::5100::5c:26:0a:68:b7:5a::10.126.36.4/304 MAC/IP
    *[EVPN/170] 17:01:13
    Indirect
    3:129.120.213.3:1::5100::129.120.213.3/248 IM
    *[BGP/170] 17:06:27, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    3:129.120.213.18:1::5100::129.120.213.18/248 IM
    *[EVPN/170] 16:59:19
    Indirect
    6:129.120.213.3:1::5100::239.255.255.250::129.120.213.3/520
    *[BGP/170] 17:06:18, localpref 100, from 129.120.213.3
    AS path: I, validation-state: unverified
    > to 129.120.213.122 via irb.636
    6:129.120.213.18:1::5100::239.255.255.250::129.120.213.18/520
    *[EVPN/170] 17:01:16
    Indirect

    {master:0}
    user1@CHEM-175-AGG> show arp no-resolve
    MAC Address Address Interface Flags
    00:cc:34:f0:23:80 10.126.36.2 irb.2997 [vtep.32769] permanent remote
    5c:26:0a:68:b7:5a 10.126.36.4 irb.2997 [ge-0/0/47.0] permanent remote
    9c:eb:e8:c2:cf:7d 10.126.37.4 irb.2997 [vtep.32769] permanent remote
    d4:04:ff:b1:54:00 129.120.213.122 irb.636 [ae0.0] none
    Total entries: 4

    {master:0}
    user1@CHEM-175-AGG> ...vxlan-tunnel-end-point source
    Logical System Name Id SVTEP-IP IFL L3-Idx SVTEP-Mode
    <default> 0 129.120.213.18 lo0.0 0
    L2-RTT Bridge Domain VNID Translation-VNID MC-Group-IP
    default-switch VLAN2997+2997 5100 0.0.0.0

    {master:0}
    user1@CHEM-175-AGG> ...hernet-switching vxlan-tunnel-end-point remote
    Logical System Name Id SVTEP-IP IFL L3-Idx SVTEP-Mode
    <default> 0 129.120.213.18 lo0.0 0
    RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode Flags
    129.120.213.3 default-switch 561 vtep.32769 1864 RNVE
    VNID MC-Group-IP
    5100 0.0.0.0

    ------------------------------
    Mark Evans
    ------------------------------


  • 2.  RE: EVPN / VXLAN

    Posted 10-07-2021 13:24
    any chance you can provide the configs of the agg switches?  Also, it appears that the output shown are only from one agg.  What does a show evpn instance extensive show?


  • 3.  RE: EVPN / VXLAN

    Posted 10-07-2021 15:21
    or course.  pasted below is the requested information.



    ============== CHEM AGG =================================

    set policy-options policy-statement STATIC-TO-OSPF term export_static from protocol static
    set policy-options policy-statement STATIC-TO-OSPF term export_static then accept
    set policy-options policy-statement STATIC-TO-OSPF term loopback from protocol direct
    set policy-options policy-statement STATIC-TO-OSPF term loopback from interface lo0.0
    set policy-options policy-statement STATIC-TO-OSPF term loopback then accept
    set policy-options policy-statement STATIC-TO-OSPF to protocol ospf
    set policy-options policy-statement STATIC-TO-OSPF then accept
    set protocols ospf area 0.0.0.138 nssa default-lsa
    set protocols ospf area 0.0.0.138 nssa no-summaries
    set protocols ospf area 0.0.0.138 interface lo0.0 passive
    set protocols ospf area 0.0.0.138 interface irb.2997 passive
    set protocols ospf export STATIC-TO-OSPF
    set protocols bgp group overlay type internal
    set protocols bgp group overlay multihop
    set protocols bgp group overlay local-address 129.120.213.18
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay neighbor 129.120.213.3
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list all
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 129.120.213.18:1
    set switch-options vrf-target target:65100:5000
    set routing-options router-id 129.120.213.18
    set routing-options autonomous-system 65100
    set routing-options static route 0.0.0.0/0 next-hop 129.120.7.250
    set routing-options multicast forwarding-cache timeout 720
    set vlans VLAN2997 description "AITS IP Camera"
    set vlans VLAN2997 vlan-id 2997
    set vlans VLAN2997 l3-interface irb.2997
    set vlans VLAN2997 vxlan vni 5100
    set vlans VLAN2997 vxlan ingress-node-replication
    set interfaces irb unit 2997 virtual-gateway-accept-data
    set interfaces irb unit 2997 description "AITS IP Camera"
    set interfaces irb unit 2997 family inet address 10.126.36.1/23 virtual-gateway-address 10.126.37.250
    set interfaces ge-0/0/47 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members 2997







    {master:0}
    mevans@CHEM-175-AGG> show evpn instance extensive| no-more
    eInstance: __default_evpn__
    Route Distinguisher: 129.120.213.18:0
    Number of bridge domains: 0
    Number of neighbors: 0

    Instance: default-switch
    Route Distinguisher: 129.120.213.18:1
    Encapsulation type: VXLAN
    Duplicate MAC detection threshold: 5
    Duplicate MAC detection window: 180
    MAC database status Local Remote
    MAC advertisements: 2 3
    MAC+IP advertisements: 3 3
    Default gateway MAC advertisements: 2 1
    Number of local interfaces: 3 (2 up)
    r Interface name ESI Mode Status AC-Role
    .local..5 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    ge-0/0/47.0 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    ge-0/0/48.0 00:00:00:00:00:00:00:00:00:00 single-homed Down Root
    Number of IRB interfaces: 1 (1 up)
    Interface name VLAN VNI Status L3 context
    irb.2997 5100 Up master
    Number of protect interfaces: 0
    Number of bridge domains: 1
    VLAN Domain-ID Intfs/up IRB-intf Mode MAC-sync IM-label MAC-label v4-SG-sync IM-core-NH v6-SG-sync IM-core-NH Trans-ID
    2997 5100 2 1 irb.2997 Extended Enabled 5100 Enabled 131071 Disabled 5100
    Number of neighbors: 1
    l Address MAC MAC+IP AD IM ES Leaf-label Remote-DCI-Peer
    129.120.213.3 3 3 1 1 0
    Number of ethernet segments: 1
    ESI: 05:00:00:fe:4c:00:00:13:ec:00
    Local interface: irb.2997, Status: Up/Forwarding
    Number of remote PEs connected: 1
    Remote-PE MAC-label Aliasing-label Mode
    129.120.213.3 5100 0 all-active
    Router-ID: 129.120.213.18
    Source VTEP interface IP: 129.120.213.18
    SMET Forwarding: Enabled: Nexthop Limit: 10000 Nexthop Usage: 1

    {master:0}
    mevans@CHEM-175-AGG> ...120.213.3 mac 9c:eb:e8:c2:cf:7d count 2

    ping-overlay protocol vxlan

    vni 5100
    tunnel src ip 129.120.213.18
    tunnel dst ip 129.120.213.3
    mac address 9c:eb:e8:c2:cf:7d
    count 2
    ttl 255

    WARNING: following hash-parameters are missing -
    hash computation may not succeed

    end-host smac
    end-host dmac
    end-host src ip
    end-host dst ip
    end-host input-ifd-idx
    end-host protocol
    end-host l4-src-port
    end-host l4-dst-port

    Request for seq 1, to 129.120.213.3, at Oct 07 2021 13:59:08.947 CDT
    Response for seq 1, from 129.120.213.3, at Oct 07 2021 13:59:11.764 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.3

    End-System Present


    Request for seq 2, to 129.120.213.3, at Oct 07 2021 13:59:09.947 CDT
    Response for seq 2, from 129.120.213.3, at Oct 07 2021 13:59:12.765 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.3

    End-System Present


    {master:0}
    mevans@CHEM-175-AGG> show arp | no-more
    MAC Address Address Name Interface Flags
    00:cc:34:f0:23:80 10.126.36.2 10.126.36.2 irb.2997 [vtep.32769] permanent remote
    5c:26:0a:68:b7:5a 10.126.36.4 10.126.36.4 irb.2997 [ge-0/0/47.0] permanent remote
    9c:eb:e8:c2:cf:7d 10.126.37.4 10.126.37.4 irb.2997 [vtep.32769] permanent remote
    d4:04:ff:b1:54:00 129.120.213.122 129.120.213.122 irb.636 [ae0.0] none
    Total entries: 4

    {master:0}
    mevans@CHEM-175-AGG>



    ======================= WH AGG =========================================
    set policy-options policy-statement STATIC-TO-OSPF term export_static from protocol static
    set policy-options policy-statement STATIC-TO-OSPF term export_static then accept
    set policy-options policy-statement STATIC-TO-OSPF term loopback from protocol direct
    set policy-options policy-statement STATIC-TO-OSPF term loopback from interface lo0.0
    set policy-options policy-statement STATIC-TO-OSPF term loopback then accept
    set policy-options policy-statement STATIC-TO-OSPF to protocol ospf
    set policy-options policy-statement STATIC-TO-OSPF then accept
    set protocols ospf area 0.0.0.46 nssa default-lsa
    set protocols ospf area 0.0.0.46 nssa no-summaries
    set protocols ospf area 0.0.0.46 interface lo0.0 passive
    set protocols ospf area 0.0.0.46 interface irb.2997 passive
    set protocols ospf export STATIC-TO-OSPF
    set protocols bgp group overlay type internal
    set protocols bgp group overlay multihop
    set protocols bgp group overlay local-address 129.120.213.3
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay neighbor 129.120.213.18
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list all
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 129.120.213.3:1
    set switch-options vrf-target target:65100:5000
    set routing-options router-id 129.120.213.3
    set routing-options autonomous-system 65100
    set routing-options static route 0.0.0.0/0 next-hop 129.120.7.250
    set routing-options multicast forwarding-cache timeout 720
    set vlans VLAN2997 description "AITS IP Camera"
    set vlans VLAN2997 vlan-id 2997
    set vlans VLAN2997 l3-interface irb.2997
    set vlans VLAN2997 vxlan vni 5100
    set vlans VLAN2997 vxlan ingress-node-replication
    set interfaces irb unit 2997 virtual-gateway-accept-data
    set interfaces irb unit 2997 description "AITS IP Camera"
    set interfaces irb unit 2997 family inet address 10.126.36.1/23 virtual-gateway-address 10.126.37.250
    set interfaces ge-0/0/47 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members 2997


    {master:0}
    mevans@WH-150-AGG> show evpn instance extensive| no-more
    eInstance: __default_evpn__
    Route Distinguisher: 129.120.213.3:0
    Number of bridge domains: 0
    Number of neighbors: 0

    Instance: default-switch
    Route Distinguisher: 129.120.213.3:1
    Encapsulation type: VXLAN
    Duplicate MAC detection threshold: 5
    Duplicate MAC detection window: 180
    MAC database status Local Remote
    MAC advertisements: 2 3
    MAC+IP advertisements: 3 3
    Default gateway MAC advertisements: 2 1
    r Number of local interfaces: 2 (2 up)
    Interface name ESI Mode Status AC-Role
    .local..5 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    ge-0/0/47.0 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
    Number of IRB interfaces: 1 (1 up)
    Interface name VLAN VNI Status L3 context
    irb.2997 5100 Up master
    Number of protect interfaces: 0
    Number of bridge domains: 1
    VLAN Domain-ID Intfs/up IRB-intf Mode MAC-sync IM-label MAC-label v4-SG-sync IM-core-NH v6-SG-sync IM-core-NH Trans-ID
    2997 5100 1 1 irb.2997 Extended Enabled 5100 Enabled 131072 Disabled 5100
    Number of neighbors: 1
    l Address MAC MAC+IP AD IM ES Leaf-label Remote-DCI-Peer
    129.120.213.18 3 3 1 1 0
    Number of ethernet segments: 1
    ESI: 05:00:00:fe:4c:00:00:13:ec:00
    Local interface: irb.2997, Status: Up/Forwarding
    Number of remote PEs connected: 1
    Remote-PE MAC-label Aliasing-label Mode
    129.120.213.18 5100 0 all-active
    Router-ID: 129.120.213.3
    Source VTEP interface IP: 129.120.213.3
    SMET Forwarding: Enabled: Nexthop Limit: 10000 Nexthop Usage: 1

    {master:0}
    mevans@WH-150-AGG> ...20.213.18 mac 5c:26:0a:68:b7:5a count 2

    ping-overlay protocol vxlan

    vni 5100
    tunnel src ip 129.120.213.3
    tunnel dst ip 129.120.213.18
    mac address 5c:26:0a:68:b7:5a
    count 2
    ttl 255

    WARNING: following hash-parameters are missing -
    hash computation may not succeed

    end-host smac
    end-host dmac
    end-host src ip
    end-host dst ip
    end-host input-ifd-idx
    end-host protocol
    end-host l4-src-port
    end-host l4-dst-port

    Request for seq 1, to 129.120.213.18, at Oct 07 2021 13:56:33.739 CDT
    Response for seq 1, from 129.120.213.18, at Oct 07 2021 13:56:30.924 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.18

    End-System Present


    Request for seq 2, to 129.120.213.18, at Oct 07 2021 13:56:34.739 CDT
    Response for seq 2, from 129.120.213.18, at Oct 07 2021 13:56:31.925 CDT, rtt 2 msecs

    Overlay-segment present at RVTEP 129.120.213.18

    End-System Present


    {master:0}
    mevans@WH-150-AGG> show arp | no-more
    MAC Address Address Name Interface Flags
    00:cc:34:f0:27:80 10.126.36.1 10.126.36.1 irb.2997 [vtep.32769] permanent remote
    5c:26:0a:68:b7:5a 10.126.36.4 10.126.36.4 irb.2997 [vtep.32769] permanent remote
    9c:eb:e8:c2:cf:7d 10.126.37.4 10.126.37.4 irb.2997 [ge-0/0/47.0] permanent remote
    d4:04:ff:b1:54:00 129.120.213.62 129.120.213.62 irb.606 [ae0.0] none
    Total entries: 4

    {master:0}
    mevans@WH-150-AGG>



    ------------------------------
    Mark Evans
    ------------------------------



  • 4.  RE: EVPN / VXLAN

    Posted 10-07-2021 13:28
    You mind sharing your configs on the agg switches?  Also, the above outputs only appear to be from one of the agg switches, not both.  What does a show evpn instance extensive show??