Hi gyus,
I am trying to configure ebgp multihop session from nexus 9k, but the far end is not connected to this VxLAN fabric. I am using border-spine topology. Traffic is going through spine (ECMP) into our MPLS network (there is also my far end). I tried to configure SVI and Loopback as update-source with no success. The L3 connection looks good, but BGP peering is still down.
ping:
leaf2-dc# ping a.b.c.d source-interface loopback 10
PING a.b.c.d (a.b.c.d): 56 data bytes
64 bytes from a.b.c.d: icmp_seq=0 ttl=252 time=1.618 ms
64 bytes from a.b.c.d: icmp_seq=1 ttl=252 time=1.386 ms
64 bytes from a.b.c.d: icmp_seq=2 ttl=252 time=1.318 ms
64 bytes from a.b.c.d: icmp_seq=3 ttl=252 time=1.243 ms
64 bytes from a.b.c.d: icmp_seq=4 ttl=252 time=1.201 ms
--- a.b.c.d ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
telnet to port 179:
leaf2-dc# telnet a.b.c.d 179 source loopback10 vrf inet
Trying a.b.c.d...
Connected to a.b.c.d.
Connfiguration on my nexus switch:
interface loopback10
description Loopback in vrf_inet
vrf member inet
ip address e.f.g.h/32
router bgp X
neighbor a.b.c.d
remote-as Y
update-source loopback10
disable-connected-check
ebgp-multihop 255
address-family ipv4 unicast
route-map drop in
route-map drop out
BGP logs from nexus:
2023 Jun 21 13:44:55.028199: (inet) EVT: Starting timer (60 sec 0 nsec) for a.b.c.d connection retry
2023 Jun 21 13:44:55.028173: (inet) EVT: a.b.c.d cleaning up active peer setup, thread id 0x0
2023 Jun 21 13:44:55.028167: (inet) EVT: a.b.c.d session setup (active) timed out, setup state Active busy 0
2023 Jun 21 13:44:55.018111: (inet) EVT: a.b.c.d Wait (0 sec) for session setup response
2023 Jun 21 13:44:55.018104: (inet) EVT: Peer a.b.c.d state Active TCP connection failed
2023 Jun 21 13:44:55.017471: (inet) EVT: a.b.c.d went from Idle to Active (Active setup)
2023 Jun 21 13:44:55.017283: (inet) EVT: a.b.c.d Triggered active open for peer
2023 Jun 21 13:44:55.017205: (inet) EVT: a.b.c.d peer connection retry timer expired
2023 Jun 21 13:44:55.017201: (inet) EVT: a.b.c.d remote iod 0 skip resolving l3 addr
Configuration from far end:
router bgp Y
neighbor e.f.g.h
remote-as X
ebgp-multihop 255
update-source Bundle-Ether15.1653
address-family ipv4 unicast
send-community-ebgp
route-policy drop in
route-policy drop out
ping:
RP/0/RSP0/CPU0:gw#ping e.f.g.h source Bundle-Ether15.1653
Wed Jun 21 15:33:56.792 CEST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to e.f.g.h, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
telnet does not work - I am not sure why, because there is no firewall or ACL.
RP/0/RSP0/CPU0:gw#telnet e.f.g.h 179 source-interface Bundle-Ether15.1653
Trying e.f.g.h...
Use specified source interface(Bundle-Ether15.1653).
Use a.b.c.d as local address.
telnet: Unable to connect to remote host: Connection timed out
I can see incomming BGP session on far end, but I do not get reply on a nexus switch. I tried to configure ebgp-multihop session from my far end to another router (outside VxLAN fabric) and peering was up. So it means that configuration of my far end is ok.
Do you have any idea what is wrong with my setup?
Thank you. Rasto
