cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
134
Views
0
Helpful
0
Replies
Highlighted
Beginner

NX9Kv: vPC + EVPN-VXLAN upstream traffic duplication

Hi,

Let's suppose that we have the topology below:

 

vpc-evpn.PNG

 

NXOSes are Nexus 9000v 9.2(2) and run EVPN-VXLAN, NXOS and NXOS2 are also vPC peers.

3725 is just an emulator for IP fabric between NXOSes and Mikrotiks are customer devices.

Let's suppose that we have L2VNI 100 on all NXOSes. For BUM traffic ingress replication is activated.

The problem is as follows:

1. Mikrotik1 generates broadcast frame for VNI 100 and sends it via ether1 to NXOS.

2. NXOS sends that frame to NXOS3 (encapsulated in VXLAN) and to NXOS2 via peer-link.

3. NXOS2 receives that frame via peer-link and also encapsulates it in VXLAN and sends to NXOS3.

4. NXOS3 (and Mikrotik2 accordingly) receives 2 copies of one frame.

 

I think that NXOS2 behaviour (item 3) in this situation is a bug of NX9Kv, but I can't check it on a real hardware.

Also I can't find a clear explanation about vPC+VXLAN upstream traffic processing in Cisco docs.

All that I've found is:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_0100.html

To prevent traffic loops in VXLAN networks, native packets ingressing the peer-link cannot be sent to an uplink. However, if the peer switch is the encapper, the copied packet traverses the peer-link and is sent to the uplink.

 

This is completely unclear for me.

 

Can anyone explain this situation or just check it on real hardware?

Configs of nxoses are in the attachment.

 

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards