Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
274
Views
0
Helpful
3
Replies

IPv6 ND problem on Nexus 92160YC-X and VXLAN EVPN

vteronen
Level 1
Level 1

‎02-19-2025 10:53 AM

Hi,

I have been banging my head against the wall with Nexus 92160YC-X for a while.
We are running a EVPN-VXLAN based network with mostly Juniper gear and are looking to add one Nexus switch to provide L2 ports (so no L3 SVI:s or anything. Just bridge ports towards the fabric).

I have followed this documentation: Cisco Nexus 9000 Series VXLAN configuration guide 93x 
And I have it working for IPv4 but not for IPv6. I think it's because the switch doesn't do IPv6 ND Suppression on L2 ports and doesn't learn the IPv6 addresses because of this.

So on to configuration

Basically I have a port

 

 

 

interface Ethernet1/52
  description "Transit: ISP"
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1701
  no shutdown

 

 

 

Which is connected to an ISP device with v4 & v6 addresses. This is connected to our EVPN-VXLAN fabric which is Juniper based. V4 is working just fine but V6 is not and it's because the Nexus doesn't know how to learn the v6 addresses from the switchport.

if I do

 

 

 

show l2route evpn mac-ip all
Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link 
(Dup):Duplicate (Spl):Split (Rcv):Recv(D):Del Pending (S):Stale (C):Clear
(Ps):Peer Sync (Ro):Re-Originated (Orp):Orphan 
Topology    Mac Address    Host IP                                 Prod   Flags         Seq No     Next-Hops                              
----------- -------------- --------------------------------------- ------ ---------- ---------- ---------------------------------------
1701        60c7.8d28.6940 123.123.123.86                          ARP    L,            0         Eth1/52                                
1701        0021.59a9.5ff0 123.123.123.87                          BGP    --            0         172.31.254.202 (Label: 1701)           
1701        0021.59a9.5ff0 2001:123:123:123::2                        BGP    --            0         172.31.254.202 (Label: 1701)           
1701        0021.59a9.5ff0 fe80::221:5906:a5a9:5ff0                BGP    --            0         172.31.254.202 (Label: 17

 

 

 

I can see the V4 side coming from our Fabric & the ISP device and the also V6 side from our Fabric because it's broadcasted through BGP

The v4 side started working after I added suppress-arp to the nve1 interface

 

 

 

interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
global suppress-arp
member vni 1701
suppress-arp
ingress-replication protocol bgp

 

 

 

Is there anything I could try?
I am currently on the newest firmware I can see on the Cisco site (NXOS: version 9.3(14)) for the switch I have.

If I change the port to a regular L3 port then I can ping ISP device & I can see it in IPv6 neighbours so I am 100% that the problem is with the Nexus device I have.

Labels:
0 Helpful
3 Replies 3

AshSe
VIP
VIP

‎02-25-2025 08:42 PM

Hi @vteronen 

The issue you're encountering is likely related to the lack of IPv6 ND (Neighbor Discovery) suppression on the Cisco Nexus switch. While ARP suppression is supported for IPv4, IPv6 ND suppression is not always supported in the same way on all platforms or NX-OS versions. This can cause the Nexus switch to fail to learn IPv6 addresses on Layer 2 ports in an EVPN-VXLAN environment.

Here are some steps to troubleshoot and potentially resolve the issue:

  1. Verify IPv6 ND Suppression Support
  2. Enable IPv6 ND Inspection
  3. Enable IPv6 Snooping
  4. Verify EVPN Configuration
  5. Check for IPv6 ND Proxy Support
  6. Verify VLAN and VNI Mappin
  7. Check for Known Bug
  8. Use Static Neighbor Entries (Workaround
  9. Test with a Different NX-OS Versi
  10. Engage Cisco TA

Brief Summary:

The most likely cause of the issue is the lack of IPv6 ND suppression support on your Nexus switch. Enabling features like IPv6 ND inspection or IPv6 snooping may help, but if these are not supported or do not resolve the issue, you may need to rely on workarounds like static neighbor entries or engage Cisco TAC for further assistance.

 

Hope This Helps!!!

AshSe

 

Community Etiquette: 

  1. Insert photos/images inline - don't attach.
  2. Always mark helpful and correct answers, it helps others find what they need.
  3. For a prompt reply, kindly tag @name. An email will be automatically sent to the member.
0 Helpful

AshSe
VIP
VIP

‎02-25-2025 08:47 PM

Commands:

Enable IPv6 ND Inspection

feature ipv6

ipv6 nd inspection vlan 1701

Enable IPv6 Snooping:

vlan configuration 1701

ipv6 snooping

Static Neighbor Entries

ipv6 neighbor 2001:123:123:123::2 Ethernet1/52

 

 

0 Helpful

vteronen
Level 1
Level 1
In response to AshSe

‎02-25-2025 10:47 PM

Hello,

Thank you for your reply.

The Nexus 92160YC-X seems to be lacking in this regard since there doesn't seem to be ipv6 snooping support in the firmware.

Enabling feature ipv6 is not available and trying to enable ipv6 snooping under vlan configuration results in

(config-vlan-config)# ipv6 snooping
Could not attach policy: vxlan configured

Thank you for giving out suggestions!

0 Helpful
Customers Also Viewed These Support Documents