cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
502
Views
0
Helpful
0
Replies
Highlighted
Beginner

VXLAN EVPN + Active/Standby Devices and L3

Hello.

Please help me to understand what I`m doing wrong

I implement a Active/Standby Devices into VXLAN Fabric but that is not work like expected.
I'm using virtualization with Nexus NXOSv: nxos.7.0.3.I7.4.bin under EVE-NG

In This test the Active/Standby Device can only do static routing. The Client-1 and Client-2 work in Active/Standby VRRP mode,
where in normal condition Client-1 is the Master. Both Devices are also connected to another subnet (In this test, Lo12 represent that subnet)
Client-1(110.110.110.11) and Client-2(110.110.110.12) are connected on the Frabric over VLAN110 using VNI 30110.
Client-1 and Client-2 also have a Default Gateway pointing to a Anycast Gateway on the Fabric (int VLAN110: 110.110.110.1).
A Static route for Lo12 (12.12.12.12/32) is configured on Leaf-1-1 and Leaf-2-1 pointing to the VRRP IP (110.110.110.254)on Client-1 and Client-2.
The Static route and the interface VLAN110 are redistribute in BGP, so that Leaf-3-1 can get it.

Client-3 is connected on the Fabric over VLAN120 using VNI 30120. A Default route is configured on Client-3 pointing to Interface VLAN120 on Leaf-3-1.
The interface VLAN120 is also redistribute in BGP.

For Inter-VNI(30110 and 30120) communication, interface VLAN222 is used.

All VNIs belong to same tenant vrf PROD.

 

In normal Situation, when the Client-1 is the Master VRRP:
The communication between Client-3 and Lo12 work fine.
But when the Client-2 become VRRP Master the communication between Client-3 and Lo12 is broken.
But the BGP evpn and ip route vrf show me correct information.
In case when Client-2 become vrrp master, the vrrp mac address is learn over Leaf-2-1.
The vrf L3 route for Lo12 is know over Leaf-1-1 because because of smaller BGP Router-id.
I was expected that in this case the trafic is forward to Leaf-1-1 and then go over the fabric to Leaf-2-1.
Because the mac address of the vrrp is now know over Leaf-2-1.

Can someone help to understand why?

Find on attach detail outputs in working and not working situation.
Also find the devices configuration.

 

TOPOLOGY

Topology_New.jpgTopology

Expected Trafic Flow

 

Expected_trafic_flow - Copie.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Outpts Working Situation

Client-3#ping 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 18/21/26 ms


Leaf-3-1# sh ip route vrf PROD
IP Route Table for VRF "PROD"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

12.12.12.12/32, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 04:15:08, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

110.110.110.0/24, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 04:24:48, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

110.110.110.11/32, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 04:19:07, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

110.110.110.12/32, ubest/mbest: 1/0
*via 70.70.70.70%default, [200/0], 04:18:40, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x46464646 encap: VXLAN

110.110.110.254/32, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 00:06:41, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

120.120.120.0/24, ubest/mbest: 1/0, attached
*via 120.120.120.1, Vlan120, [0/0], 04:24:59, direct, tag 12345
120.120.120.1/32, ubest/mbest: 1/0, attached
*via 120.120.120.1, Vlan120, [0/0], 04:24:59, local, tag 12345
120.120.120.3/32, ubest/mbest: 1/0, attached
*via 120.120.120.3, Vlan120, [190/0], 04:19:46, hmm



Leaf-3-1# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 249, Local Router ID is 3.3.3.3
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 3.3.3.3:32887 (L2VNI 30120)
*>l[2]:[0]:[0]:[48]:[5000.0001.0007]:[0]:[0.0.0.0]/216
30.30.30.30 100 32768 i
*>l[2]:[0]:[0]:[48]:[5000.0003.0000]:[32]:[120.120.120.3]/272
30.30.30.30 100 32768 i

Route Distinguisher: 5.5.5.5:10
*>i[5]:[0]:[0]:[24]:[110.110.110.0]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?
*>i[5]:[0]:[0]:[32]:[12.12.12.12]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?

Route Distinguisher: 5.5.5.5:32877
*>i[2]:[0]:[0]:[48]:[0000.5e00.010a]:[32]:[110.110.110.254]/272
50.50.50.50 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.000a.0000]:[32]:[110.110.110.11]/272
50.50.50.50 100 0 i

Route Distinguisher: 7.7.7.7:32877
*>i[2]:[0]:[0]:[48]:[5000.0005.0000]:[32]:[110.110.110.12]/272
70.70.70.70 100 0 i

Route Distinguisher: 5.5.5.5:10 (L3VNI 30222)
*>i[2]:[0]:[0]:[48]:[0000.5e00.010a]:[32]:[110.110.110.254]/272
50.50.50.50 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.0005.0000]:[32]:[110.110.110.12]/272
70.70.70.70 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.000a.0000]:[32]:[110.110.110.11]/272
50.50.50.50 100 0 i
*>i[5]:[0]:[0]:[24]:[110.110.110.0]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?
*>l[5]:[0]:[0]:[24]:[120.120.120.0]:[0.0.0.0]/224
30.30.30.30 0 100 32768 ?
*>i[5]:[0]:[0]:[32]:[12.12.12.12]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?




################################################################

Outputs NOT Working Situation


Leaf-1-1# sh ip route vrf PROD
IP Route Table for VRF "PROD"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

12.12.12.12/32, ubest/mbest: 1/0
*via 110.110.110.254, [1/0], 00:07:16, static, tag 101 segid: 30222 tunnelid
: 0x46464646 encap: VXLAN

110.110.110.0/24, ubest/mbest: 1/0, attached
*via 110.110.110.1, Vlan110, [0/0], 06:34:50, direct, tag 12345
110.110.110.1/32, ubest/mbest: 1/0, attached
*via 110.110.110.1, Vlan110, [0/0], 06:34:50, local, tag 12345
110.110.110.11/32, ubest/mbest: 1/0, attached
*via 110.110.110.11, Vlan110, [190/0], 04:42:18, hmm
110.110.110.12/32, ubest/mbest: 1/0
*via 70.70.70.70%default, [200/0], 04:41:50, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x46464646 encap: VXLAN

110.110.110.254/32, ubest/mbest: 1/0
*via 70.70.70.70%default, [200/0], 00:07:16, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x46464646 encap: VXLAN

120.120.120.0/24, ubest/mbest: 1/0
*via 30.30.30.30%default, [200/0], 04:46:18, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x1e1e1e1e encap: VXLAN

120.120.120.3/32, ubest/mbest: 1/0
*via 30.30.30.30%default, [200/0], 04:42:57, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x1e1e1e1e encap: VXLAN

 

Leaf-3-1# sh ip route vrf PROD
IP Route Table for VRF "PROD"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

12.12.12.12/32, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 04:39:12, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

110.110.110.0/24, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 04:48:52, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

110.110.110.11/32, ubest/mbest: 1/0
*via 50.50.50.50%default, [200/0], 04:43:11, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x32323232 encap: VXLAN

110.110.110.12/32, ubest/mbest: 1/0
*via 70.70.70.70%default, [200/0], 04:42:44, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x46464646 encap: VXLAN

110.110.110.254/32, ubest/mbest: 1/0
*via 70.70.70.70%default, [200/0], 00:08:10, bgp-65010, internal, tag 65010
(evpn) segid: 30222 tunnelid: 0x46464646 encap: VXLAN

120.120.120.0/24, ubest/mbest: 1/0, attached
*via 120.120.120.1, Vlan120, [0/0], 04:49:03, direct, tag 12345
120.120.120.1/32, ubest/mbest: 1/0, attached
*via 120.120.120.1, Vlan120, [0/0], 04:49:03, local, tag 12345
120.120.120.3/32, ubest/mbest: 1/0, attached
*via 120.120.120.3, Vlan120, [190/0], 04:43:50, hmm

 

Leaf-3-1# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 261, Local Router ID is 3.3.3.3
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 3.3.3.3:32887 (L2VNI 30120)
*>l[2]:[0]:[0]:[48]:[5000.0001.0007]:[0]:[0.0.0.0]/216
30.30.30.30 100 32768 i
*>l[2]:[0]:[0]:[48]:[5000.0003.0000]:[32]:[120.120.120.3]/272
30.30.30.30 100 32768 i

Route Distinguisher: 5.5.5.5:10
*>i[5]:[0]:[0]:[24]:[110.110.110.0]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?
*>i[5]:[0]:[0]:[32]:[12.12.12.12]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?

Route Distinguisher: 5.5.5.5:32877
*>i[2]:[0]:[0]:[48]:[5000.000a.0000]:[32]:[110.110.110.11]/272
50.50.50.50 100 0 i

Route Distinguisher: 7.7.7.7:32877
*>i[2]:[0]:[0]:[48]:[0000.5e00.010a]:[32]:[110.110.110.254]/272
70.70.70.70 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.0005.0000]:[32]:[110.110.110.12]/272
70.70.70.70 100 0 i

Route Distinguisher: 5.5.5.5:10 (L3VNI 30222)
*>i[2]:[0]:[0]:[48]:[0000.5e00.010a]:[32]:[110.110.110.254]/272
70.70.70.70 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.0005.0000]:[32]:[110.110.110.12]/272
70.70.70.70 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.000a.0000]:[32]:[110.110.110.11]/272
50.50.50.50 100 0 i
*>i[5]:[0]:[0]:[24]:[110.110.110.0]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?
*>l[5]:[0]:[0]:[24]:[120.120.120.0]:[0.0.0.0]/224
30.30.30.30 0 100 32768 ?
*>i[5]:[0]:[0]:[32]:[12.12.12.12]:[0.0.0.0]/224
50.50.50.50 0 100 0 ?

 

Leaf-1-1# sh system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 110 0000.5e00.010a static - F F (0x47000002) nve-peer2
70.70.7
G 110 5000.0002.0007 static - F F sup-eth1(R)
G 222 5000.0002.0007 static - F F sup-eth1(R)
* 110 5000.000a.0000 dynamic 06:37:56 F F Eth1/7
* 110 5000.0005.0000 static - F F (0x47000002) nve-peer2
70.70.7
1 1 -00:00:22:22:33:33 - 1

Leaf-2-1# sh system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 110 0000.5e00.010a dynamic 00:04:59 F F Eth1/7
G 110 5000.0008.0007 static - F F sup-eth1(R)
G 222 5000.0008.0007 static - F F sup-eth1(R)
* 110 5000.000a.0000 static - F F (0x47000001) nve-peer1
50.50.5
* 110 5000.0005.0000 dynamic 04:54:06 F F Eth1/7
1 1 -00:00:22:22:33:33 - 1

 

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards