I have a problem, which I believe, is a configuration problem between an existing datacenter to a QFX acts as a vlan gateway
Here is the topology. followed by the problem I have
Two sites, on each site there's a Leaf-Spine datacenter topology, both have an edge-leaf which provides connectvity to the mpls cloud.
If Host-A will travel accross the Leaf-Spine Datacenter East-West via VXLAN, and the default gateway resides on the QFX, so in theory, once its vxlan decapsulated at the QFX, it should enter the vrf Domain in regular l3vpn routing to the opposite site.
in Practice, the QFX doesn't learn MAC addresses on it's ports facing the datacenter, it just learn MAC on this vlan for vrrp across the trunk between the two QFXes.
Each QFX has mlag/vpc connectivity to both of the edge-leaf switches, configured as trunk with only one vlan allowed on it.
Does anyone have an idea why are those ports won't learn MACs on those ports? the edge-leaf learns all of the MACs in the vlan across the datacenter.
on the opposite site, when there's a Nexus acting as a gateway, all works fine.
Tried to share troubleshooting ideas and pointers that should help us figure this out.
Are the respective leaf interfaces facing the MC-LAG peers configured identical on both DCs? Is it trunked on both sides (QFX/Nexus and leaf) in both DCs? Can you try to make it an access port and check?
Please ensure the interfaces to QFX are configured with the right VLAN and trunked.
Is the MC-LAG and ICCP (with backup-liveness detection) is all up and running?
Please check if any of the QFXs learns MACs or both peers are missing the MACs.Please check if STP is blocking any of the ports. And if you have STP enabled globally on the QFX (recommended), please disable STP on the Inter-QFX link (recommended). Also check if the MACs are learnt on the Inter-QFX link by any chance.If both QFXs are missing the MACs, then please verify whether traffic is actually sent from the leaf towards the MC-LAG peers. We can validate this with firewall filter on QFXs (match source IP/MAC and count the traffic, apply it as ingress on interfaces facing the DC) or using some ping test to the remote DC if that's working or not.
Please let me know how this goes.
Hope this helps.
If this solves your problem, please mark this post as "Accepted Solution."Kudos are always appreciated :).
it was resolved after reconfiguring the port-channel as access port