Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1357
Views
0
Helpful
0
Replies

normal Spanning tree loop under two vxlan VPC vteps

fly
Level 2
Level 2

‎01-19-2019 05:32 AM - edited ‎01-19-2019 05:33 AM

Hi,

   I connect two 3560 one 2960 to two vxlan bleaf1,2 , and create a spanning tree loop under two vpc vxlan vtep.  please to see topo file

   1、 I config vlan 21 on bleafs and 3560s,2960  create loop between these swithes , and using pvst

   2、 bleaf12 vpc vteps using vtep anycast IP , and config mulicast for BUM 239.0.20.1

   3、I create a l2 vni 10021 for vlan 21 on vxlan core, and I can ping from vlan21 pc under bleaf to remote server under server leaf through l2 vni 10021.

  I have some questions:

   1、does this create a loop through l2 vni 10021 between vpc bleaf1 bleaf2  and vlan 21 on traditional switches?  I see some port is blocked on 3560-2 and 2960 ,I checked there is no loop on traditional 3560 2960 switch, stp root on bleaf 1, I think there is possible l2 loop trough vxlan l2 vni for vlan 21. but I didn't see layer 2 loop storm.

   2、I shutdown link between two 3560 and one link on 2960, and remove vlan 21 on vpc peer link between two vpc border leaf.  there is no loop under two bleafs 3560 2960 for vlan 21, that ping from pc which connected to 3560-1(10.20.1.201)  to pc connected to 3560-2(10.20.1.52)(same subnets) must send to bleaf 1 and across vxlan l2 vni 10021 and finally reach destination . and I tested  ping is success , but after I capture packet on peer link on bleaf 1 2 and bleaf1 to spine1 ,spine 2 interface,  I found there is no packet from bleaf1 send to spine1 2 , and send directly to vpc peer link to  bleaf2 through vpc peer-link.

       from first packet I captured on vpc peerlink on bleaf2 and I found traffic is encapsulate in multicast group 239.0.20,1( it is multicast group I configured for layer2 vni 10021). (please see attach vxlan wireshark picture) encap in multicast mac address.

     from second packet I captured I found source ip address is changed to 127.0.0.1  destination is 239.0.20.1 ,plese se attach vxlan2 wireshark picture)

 

      I tried turn on and off suppress arp under layer 2 vni 10021on bleaf 1 2,I think bgp evpn on bleaf 1 can update type 2 route to spine 1 2 , and will reflect to bleaf2, and vice versa , but traffic was not send to unicast known mac though spine 1 2 ,

    why nexus create a temporary vlan 4041 on vpc peer link for this multicast traffic ,and traffic send through vpc peer link directly , although I remove vlan 21 on peer link  I don't want this traffic pass through vpc peer link, I think this traffic didn't find destination mac address and encapluated in a multicast packet.

 

  In this scenario,  two 3560 connect to two bleaf as traditional link, not vpc 

 

thank you

Andy 

 

Labels:
Preview file
315 KB
Preview file
307 KB
Preview file
233 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card