We are implementing VXLAN BGP EVPN in our Datacenter. Our VXLAN Fabric consists of two Nexus 9364c Switches (Spines) and four Nexus C93108TC Switches (Leafs). The Leaf switches are forming two pairs of vPC VTEP Switches (Leaf1 with Leaf2) and (Leaf3 with Leaf4).
The problem is that when we perform a traceroute test from the external network to a server connected to the second pair of Leafs (Leaf 3 and Leaf 4), the path is not completed. We assume that it is because it stays in the gateway of the first pair of Leafs (Leaf 1 and Leaf 2).
Since the traceroute test is very important for troubleshooting, we need to know if there is any way to solve this behavior.
What other configuration option would be recommended to use to replace anycast gateway?
I don't think so because of vPC VTEP; I think this is because the border leaf cannot know the MAC address of the VTEP to build ARP to ask for the MAC.
Did you configure the MAC address of the fabric?
Yes, we configure the MAC address of the fabric on every Leaf, as shown below:
feature fabric forwarding
fabric forwarding anycast-gateway-mac 0000.2222.3333
vrf member TENANT-1
no ip redirects
ip address 10.131.0.1/24
no ipv6 redirects
ip ospf passive-interface
ip router ospf 440 area 0.0.0.10
fabric forwarding mode anycast-gateway
Is this normal behavior for a VXLAN BGP EVPN deployment?
Is there any way to solve this issue?
You stated that the traceroute completes successfully for Server A, however Server B does not.
If traceroute is working between the default VRF and TENANT-1 VRF on LEAF-1 and LEAF-2, it sounds like you may have an issue advertising that external network into the EVPN fabric. Can you confirm that we have a route to the host sending the traceroute in the TENANT-1 VRF on LEAF-3 and LEAF-4?