SVI Over VXLAN For OSPF Connectivity

pinie0001
Level 1

Hi everybody,

We tried yesterday to configure an SVI over VXLAN and the SVI became suspended.

I need your help to resolve the issue.

Our topology is described in the photo below (the FW isn't relevant now; it will replace the 9504 in the future):

VXLAN Topology.jpg

1. We have 2 Nexus 9504 switches as a backbone in our main branch in the DC.

The 9504 switches are configured as a VPC and we have a lot of VPC links.

Additionally, the switches run OSPF to several sites.

OSPF runs over VPC with the command layer3 peer-router and everything works fine.

2. Under the 9504 switches we have a couple of 9300 switches (MMN-VXLAN-MAIN and MMN-VXLAN-DR).

The 9300 switches are configured as a VPC and connected to both 9504s with PO/VPC 145.

PO145 is used to stretch VLANs at L2 towards the VXLAN switches (the L2 stretch between the sites works fine today).

Eth 1/3 on both 9300s is used for the VXLAN connectivity with routed ports, with OSPF for the underlay.

3. The switches MTH-VXLAN-MAIN and MTH-VXLAN-DR are the same as MMN-VXLAN-MAIN and MMN-VXLAN-DR, but they are located in the remote site and are used for the VXLAN connectivity.

They are also configured as a VPC, and PO145 is used to stretch VLANs from MTH-6800-VSS towards the VXLAN.

4. MTH-6800-VSS is the core switch of the remote site.

Today, we have several L2 VLANs whose L3 is configured on MTH-6800-VSS; they pass between the sites over the VXLAN and everything works fine.

We don't have any L2 issue in the topology.

We need to implement some changes on our network.

In the change, we need to create OSPF neighborship between the sites.

1. We need to create OSPF neighborship in area 200 between MTH-6800-VSS and MTH-VXLAN-MAIN and MTH-VXLAN-DR (already done and working with interface vlan 3013 that runs over PO145).

2. We need to create OSPF neighborship in area 200 between 9504-MAIN, 9504-DR, VXLAN-MMN-MAIN and VXLAN-MMN-DR (already done and working with interface vlan 3010 that runs over PO145).

Both 9504s are configured with several OSPF areas and area 0.

3. The next step was to configure a new L2 VLAN (3030) with vn-segment over the VXLAN to create OSPF neighborship between the 4 switches of the VXLAN, for learning routes on the main site from the remote site and to send 0.0.0.0 (using NSSA) to MTH-6800-VSS.

First, we configured the new VLAN as a standard VLAN (L2, added the VLAN to the peer link and created an SVI with subnet 255.255.255.248).

VXLAN-MMN-MAIN and VXLAN-MMN-DR became OSPF neighbors on the new VLAN over the peer link.

We did the same with the same VLAN on MTH-VXLAN-MAIN and MTH-VXLAN-DR.

After that, we tried to configure this VLAN with vn-segment to stretch the VLAN over the VXLAN and create OSPF neighborship between all the fabric switches.

After we finished the VXLAN configuration, the interface VLAN became suspended and down.

interface Vlan3030
  description OSPF-VXLAN-MMN-TO-MTH-MAIN
  no shutdown
  vrf member Overlay
  no ip redirects
  ip address 5.200.205.1/29
  no ipv6 redirects
  no ip ospf passive-interface
  ip router ospf overlay area 0.0.0.200

VXLAN-MMN-MAIN# show interface vlan 3030
Vlan3030 is down (suspended), line protocol is down, autostate enabled
  Hardware is EtherSVI, address is a8b4.5602.9ab7
  Description: OSPF-VXLAN-MMN-TO-MTH-MAIN
  Internet Address is 5.200.205.1/29
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA
  Last clearing of "show interface" counters never
  L3 in Switched:
    ucast: 0 pkts, 0 bytes

vlan 3030
  name OSPF-VXLAN-MMN-TO-MTH-MAIN
  vn-segment 10003030

!

evpn
  vni 10000021 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 10000022 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 10000080 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 10000222 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 10003003 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 10003030 l2
    rd auto
    route-target import auto
    route-target export auto

!

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  member vni 33333 associate-vrf
  member vni 10000021
    suppress-arp
    ingress-replication protocol bgp
  member vni 10000022
    suppress-arp
    ingress-replication protocol bgp
  member vni 10000080
    suppress-arp
    ingress-replication protocol bgp
  member vni 10000222
    suppress-arp
    ingress-replication protocol bgp
  member vni 10003003
    suppress-arp
    ingress-replication protocol bgp
  member vni 10003030
    suppress-arp
    ingress-replication protocol bgp

We tested several other topologies for our situation and we chose this one to prevent asymmetric routes between the remote sites and the FW (in the future we want to use the VXLAN with an anycast address for several VLANs, and in every other topology we found issues with asymmetric routes).

I need your help to understand the issue and how I can resolve it.

Thanks!

Pini Elbaz
