
problem with arp NX-OS

Hello! I have a problem.

I have 2 leaves, which have connections to clients 1 and 2. When client 1 tries to ping, it sends an ARP request, but it doesn't get a reply. When I look at the dump, I see that leaf 1 replaces the ARP request on VXLAN, but it doesn't send a reply to client 1. I don't understand this situation.

My config and debug information:

 

hostname leaf3
cfs eth distribute
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature lldp
feature nv overlay

no password strength-check
role network-admin
ip domain-lookup
copp profile strict
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO

fabric forwarding anycast-gateway-mac 0000.2222.3333
vlan 1,201-202,999
vlan 201
  name cli1_tanant1
  vn-segment 50201
vlan 202
  name cli2_tanant1
  vn-segment 50202
vlan 999
  name L3_VNI
  vn-segment 50999

route-map permitall permit 10
vrf context Tenant-1
  vni 50999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context management

interface Vlan1

interface Vlan201
  no shutdown
  vrf member Tenant-1
  no ip redirects
  ip address 10.0.201.254/24
  fabric forwarding mode anycast-gateway

interface Vlan202
  no shutdown
  vrf member Tenant-1
  no ip redirects
  ip address 10.0.202.254/24
  fabric forwarding mode anycast-gateway

interface Vlan999
  no shutdown
  vrf member Tenant-1
  ip forward

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  member vni 201
  member vni 50201
    ingress-replication protocol bgp
  member vni 50202
    ingress-replication protocol bgp
  member vni 50999 associate-vrf

interface Ethernet1/1
  no switchport
  mtu 8000
  port-type fabric
  medium p2p
  no ip redirects
  ip unnumbered loopback0
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  mtu 8000
  port-type fabric
  medium p2p
  no ip redirects
  ip unnumbered loopback0
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/3
  switchport access vlan 201

interface Ethernet1/4
  switchport access vlan 201
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface loopback0
  description routerID underlay
  ip address 10.10.10.3/32
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description nve
  ip address 10.200.200.3/32
  ip router ospf 1 area 0.0.0.0
icam monitor scale

line console
line vty
router ospf 1
  router-id 10.10.10.3
router bgp 65400
  router-id 10.10.10.3
  address-family l2vpn evpn
    retain route-target all
  neighbor 10.10.100.6
    remote-as 65400
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.10.100.7
    remote-as 65400
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf Tenant-1
    address-family ipv4 unicast
      redistribute direct route-map permitall
evpn
  vni 50201 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 50202 l2
    rd auto
    route-target import auto
    route-target export auto

 

leaf3# show bgp l2vpn evpn

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 10.10.10.1:3
*>i[5]:[0]:[0]:[24]:[10.0.201.0]/224
    10.200.200.254 0 100 0 ?
*>i[5]:[0]:[0]:[24]:[10.0.202.0]/224
    10.200.200.254 0 100 0 ?

Route Distinguisher: 10.10.10.1:32968
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[0]:[0.0.0.0]/216
    10.200.200.1 100 0 i
*>i[2]:[0]:[0]:[48]:[0c5a.0000.1b08]:[0]:[0.0.0.0]/216
    10.200.200.254 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[32]:[10.0.201.1]/272
    10.200.200.1 100 0 i
*>i[3]:[0]:[32]:[10.200.200.254]/88
    10.200.200.254 100 0 i

Route Distinguisher: 10.10.10.1:32969
*>i[2]:[0]:[0]:[48]:[0c5a.0000.1b08]:[0]:[0.0.0.0]/216
    10.200.200.254 100 0 i
*>i[3]:[0]:[32]:[10.200.200.254]/88
    10.200.200.254 100 0 i

Route Distinguisher: 10.10.10.3:32968 (L2VNI 50201)
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[0]:[0.0.0.0]/216
    10.200.200.1 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6801]:[0]:[0.0.0.0]/216
    10.200.200.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0c5a.0000.1b08]:[0]:[0.0.0.0]/216
    10.200.200.254 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[32]:[10.0.201.1]/272
    10.200.200.1 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6801]:[32]:[10.0.201.2]/272
    10.200.200.3 100 32768 i
*>l[3]:[0]:[32]:[10.200.200.3]/88
    10.200.200.3 100 32768 i
*>i[3]:[0]:[32]:[10.200.200.254]/88
    10.200.200.254 100 0 i

Route Distinguisher: 10.10.10.3:32969 (L2VNI 50202)
*>i[2]:[0]:[0]:[48]:[0c5a.0000.1b08]:[0]:[0.0.0.0]/216
    10.200.200.254 100 0 i
*>l[3]:[0]:[32]:[10.200.200.3]/88
    10.200.200.3 100 32768 i
*>i[3]:[0]:[32]:[10.200.200.254]/88
    10.200.200.254 100 0 i

Route Distinguisher: 10.10.10.3:3 (L3VNI 50999)
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[32]:[10.0.201.1]/272
    10.200.200.1 100 0 i
* i[5]:[0]:[0]:[24]:[10.0.201.0]/224
    10.200.200.254 0 100 0 ?
*>l 10.200.200.3 0 100 32768 ?
* i[5]:[0]:[0]:[24]:[10.0.202.0]/224
    10.200.200.254 0 100 0 ?
*>l 10.200.200.3 0 100 32768 ?

leaf3# show l2route evpn mac all

201 0050.7966.6800 BGP SplRcv 0 10.200.200.1 (Label: 50201)
201 0050.7966.6801 Local L, 0 Eth1/4

999 0200.0ac8.c8fe VXLAN Rmac 0 10.200.200.254

999 0c5a.0000.1b08 VXLAN Rmac 0 10.200.200.1


vni 50201 l2
  rd auto
  route-target import auto
  route-target export auto
  suppress-arp <<- add this to both leaf and check

MHM

 

Yes! When I switched on suppress-arp, ARP started to work correctly. But I don't understand why the Nexus doesn't send an ARP reply to the client without suppress-arp.

OK, in simple words:

The client sends an ARP asking for the MAC of the remote client.

This ARP reaches the leaf, and the leaf checks the MAC in both the data plane and the control plane (this is why I asked you to check the BGP route type 2 MAC-IP).

If it finds that the MAC is there, it drops the ARP, but here is the key:

It drops the ARP but does not send the local client the MAC of the remote client.

With suppress, the leaf sends the MAC to the local client and hence the ping succeeds.

MHM
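
An added example, not part of the thread: the reply above asks whether the leaf holds a type-2 MAC-IP route for the remote client, and this Python parser answers that from `show bgp l2vpn evpn` text. The function names `parse_type2` and `find_mac_ip` are hypothetical, and the sample is the L2VNI 50201 section from the original post.

```python
import re

# Constructed sample: the L2VNI 50201 section of the `show bgp l2vpn evpn`
# output posted in this thread, with the blank lines removed.
SAMPLE = """\
Route Distinguisher: 10.10.10.3:32968 (L2VNI 50201)
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[0]:[0.0.0.0]/216
10.200.200.1 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6801]:[0]:[0.0.0.0]/216
10.200.200.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6800]:[32]:[10.0.201.1]/272
10.200.200.1 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6801]:[32]:[10.0.201.2]/272
10.200.200.3 100 32768 i
*>l[3]:[0]:[32]:[10.200.200.3]/88
10.200.200.3 100 32768 i
"""

RD_RE = re.compile(r"^Route Distinguisher:\s+\S+(?:\s+\(L[23]VNI\s+(\d+)\))?")
# Type-2 NLRI: [2]:[ESI]:[EthTag]:[MAC len]:[MAC]:[IP len]:[IP]/prefix-len
T2_RE = re.compile(r"^\*>?\s*([il])\[2\]:\[\d+\]:\[\d+\]:\[48\]:"
                   r"\[([0-9a-f.]+)\]:\[(\d+)\]:\[([0-9.]+)\]/\d+$")
NH_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s")

def parse_type2(text):
    """Return one dict per EVPN type-2 route, tagged with its VNI section."""
    routes, vni, pending = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue  # tolerate the blank lines a web paste inserts
        if (m := RD_RE.match(line)):
            vni, pending = (int(m.group(1)) if m.group(1) else None), None
        elif (m := T2_RE.match(line)):
            origin, mac, ip_len, ip = m.groups()
            pending = {"vni": vni, "mac": mac, "local": origin == "l",
                       "ip": ip if int(ip_len) else None, "next_hop": None}
            routes.append(pending)
        elif pending is not None and (m := NH_RE.match(line)):
            pending["next_hop"] = m.group(1)  # next hop follows its route line
            pending = None
        else:
            pending = None  # other route types and header lines
    return routes

def find_mac_ip(routes, ip, vni):
    """MAC-IP route for `ip` in L2 VNI `vni`, or None if the leaf has none."""
    return next((r for r in routes if r["vni"] == vni and r["ip"] == ip), None)
```

On the sample, `find_mac_ip(parse_type2(SAMPLE), "10.0.201.1", 50201)` returns the remote host's entry learned from VTEP 10.200.200.1, while 10.0.201.2 comes back as a locally originated route.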