
VXLAN - Nexus 9K - Anycast - VTEP Unresponsive?

vxlannnn
Level 1

I'm having some issues with a simple vxlan setup using static ingress replication.

 

The Anycast vPC pair's VTEP doesn't seem to be responsive at all. I do not see any vxlan encapsulated frames being generated from either of these switches. No encapsulated L2 traffic is being sent across the vxlan underlay if it's being generated on the vPC pair side. I am able to see encapsulated L2 traffic being sent from the single 9K (10.51.8.50) towards the pair. I see the packet coming in (ARP) but it doesn't appear to be decapsulated and forwarded to VLAN 500.

 

I've dropped the MTU on the originating hosts to 1400 to get across my WAN link as it's limited to 1500.

 

I have verified L3 connectivity:

ping 10.51.8.50 source-interface lo50
ping 10.243.13.50 source-interface lo50 

I have verified the nve peer:

Interface Peer-IP                                 State LearnType Uptime   Router-Mac       
--------- --------------------------------------  ----- --------- -------- -----------------
nve1      10.51.8.50                              Up    DP        5d02h    n/a 

The vPC link appears good:

vPC domain id                     : 100 
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : primary                       
Number of vPCs configured         : 50  
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : 2
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled, timer is off.(timeout = 240s)
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled
Virtual-peerlink mode             : Disabled

Config relating to vxlan:

 

1-SW1:

Software
  BIOS: version 05.31
 NXOS: version 9.3(1)
  BIOS compile time:  05/17/2018
  NXOS image file is: bootflash:///nxos.9.3.1.bin
  NXOS compile time:  7/18/2019 15:00:00 [07/19/2019 00:04:48]


Hardware
  cisco Nexus9000 C93180YC-FX Chassis 
  Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 65808228 kB of memory.
  Processor Board ID FDO22282THV
vlan 500
  name VxLAN
  vn-segment 5000

interface Vlan500
  description vxlan-segment 5000 - 10.100.1.0/23
  no shutdown
  mtu 1500
  ip address 10.100.1.250/23

interface nve1
  no shutdown
  source-interface loopback50
  member vni 5000
  ingress-replication protocol static
  peer-ip 10.51.8.50

interface loopback50
  description VxLAN - VN5000
  ip address 10.241.13.51/32
  ip address 10.241.13.50/32 secondary

1-SW2:

Software
  BIOS: version 05.31
 NXOS: version 9.3(1)
  BIOS compile time:  05/17/2018
  NXOS image file is: bootflash:///nxos.9.3.1.bin
  NXOS compile time:  7/18/2019 15:00:00 [07/19/2019 00:04:48]


Hardware
  cisco Nexus9000 C93180YC-FX Chassis 
  Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 65808228 kB of memory.
  Processor Board ID FDO22282THV
vlan 500
  name VxLAN
  vn-segment 5000

interface Vlan500
  description vxlan-segment 5000 - 10.100.1.0/23
  no shutdown
  mtu 1500
  ip address 10.100.1.251/23

interface nve1
  no shutdown
  source-interface loopback50
  member vni 5000
  ingress-replication protocol static
  peer-ip 10.51.8.50

interface loopback50
  description VxLAN - VN5000
  ip address 10.241.13.52/32
  ip address 10.241.13.50/32 secondary

2-SW1

  BIOS: version 05.38
 NXOS: version 9.3(1)
  BIOS compile time:  06/12/2019
  NXOS image file is: bootflash:///nxos.9.3.1.bin
  NXOS compile time:  7/18/2019 15:00:00 [07/19/2019 00:04:48]


Hardware
  cisco Nexus9000 C93240YC-FX2 Chassis 
  Intel(R) Xeon(R) CPU D-1526 @ 1.80GHz with 16337464 kB of memory.
  Processor Board ID FDO22390YLA
vlan 500
  name VxLAN
  vn-segment 5000

interface Vlan500
  description vxlan-segment 5000 - 10.100.1.0/23
  no shutdown
  mtu 1500
  ip address 10.100.1.252/23

interface nve1
  no shutdown
  source-interface loopback50
  member vni 5000
  ingress-replication protocol static
  peer-ip 10.241.13.50

interface loopback50
  description VxLAN - VN5000
  ip address 10.51.8.50/32

 

Any ideas why the vPC pair's VTEP seems to be dead?

1 Reply

Sergiu.Daniluk
VIP Alumni

As far as I see in the provided outputs, you have "peer-gateway" disabled. This must be enabled for vpc peers with vxlan. Not sure if this is causing the problem here, but let's first get the configuration up to date.

Later edit: "peer-gateway (...) facilitates NVE RMAC/VMAC programming on both peers"

Ref: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_0100010.html#id_1...

 

Stay safe,

Sergiu
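
The points this thread turns on (vPC peer-gateway, one shared secondary loopback address on both vPC peers, and static ingress-replication peer-ip entries that point at each other) can be checked against saved `show vpc` and running-config text. This is an added example, not part of the original posts and not Cisco tooling; `parse_vtep` and `check_vpc_vtep` are hypothetical helper names, and the sample input is constructed from the configuration posted in the question.

```python
import re

def parse_vtep(cfg):
    """Return the NVE source loopback's primary/secondary IP and the static peer-ips."""
    sections, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = sections.setdefault(line.split()[1].lower(), [])
        elif line[:1].isspace() and line.strip() and cur is not None:
            cur.append(line.split())
        elif line.strip():
            cur = None  # a new top-level command ends the interface block
    nve = sections.get("nve1", [])
    src = next((w[1].lower() for w in nve if w[0] == "source-interface"), None)
    addrs = [w for w in sections.get(src, []) if w[:2] == ["ip", "address"]]
    return {"primary": next((w[2].split("/")[0] for w in addrs if len(w) == 3), None),
            "anycast": next((w[2].split("/")[0] for w in addrs if w[-1] == "secondary"), None),
            "peers": {w[1] for w in nve if w[0] == "peer-ip"}}

def check_vpc_vtep(sw1, sw2, remote, show_vpc):
    """Return findings for a vPC anycast VTEP pair and one remote VTEP."""
    a, b, r = parse_vtep(sw1), parse_vtep(sw2), parse_vtep(remote)
    findings = []
    if not re.search(r"^Peer Gateway\s*:\s*Enabled", show_vpc, re.M):
        findings.append("peer-gateway is not enabled in the vPC domain")
    if a["anycast"] is None or a["anycast"] != b["anycast"]:
        findings.append("vPC peers do not share one secondary (anycast) loopback IP")
    elif a["anycast"] not in r["peers"]:
        findings.append("remote VTEP has no peer-ip for anycast IP " + a["anycast"])
    for name, sw in (("sw1", a), ("sw2", b)):
        if r["primary"] not in sw["peers"]:
            findings.append(name + " has no peer-ip for the remote VTEP")
    return findings

# Constructed sample input, condensed from the configuration posted in the thread.
NVE = "interface nve1\n  source-interface loopback50\n  member vni 5000\n    peer-ip {}\n"
SW1 = NVE.format("10.51.8.50") + ("interface loopback50\n  ip address 10.241.13.51/32\n"
                                  "  ip address 10.241.13.50/32 secondary\n")
SW2 = SW1.replace("13.51/32", "13.52/32")
REMOTE = NVE.format("10.241.13.50") + "interface loopback50\n  ip address 10.51.8.50/32\n"
SHOW_VPC = "vPC domain id                     : 100\nPeer Gateway                      : Disabled\n"

if __name__ == "__main__":
    for finding in check_vpc_vtep(SW1, SW2, REMOTE, SHOW_VPC):
        print(finding)
```

The parser expects the full interface name (`loopback50`) on the `source-interface` line, as in the posted configuration.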