VxlAN catalyst 9300 CAT9K_IOSXE 16.9

mkebieche
Level 1

Hi,

I am trying to test VXLAN with a Cisco Catalyst 9300 running IOS XE 16.9.

The lab looks like this:

 

VxLAN_1.png

In that configuration all of the hosts were learned by the VTEPs from BUM traffic flooded using multicast.

 

Configs:

Switch right:

 

version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname switch-right
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision c9300-24t
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
ip routing
!
ip multicast-routing
no ip domain lookup
!
login on-success log
!
!
license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
redundancy
mode sso
!
!
!
!
!
transceiver type all
monitoring
!
vlan configuration 1000
member vni 5000
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip pim sparse-mode
ip ospf 10 area 0
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
ip pim sparse-mode
ip ospf 10 area 0
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
no switchport
ip address 10.10.10.2 255.255.255.252
ip pim sparse-mode
ip ospf 10 area 0
!
interface GigabitEthernet1/0/2
switchport access vlan 1000
switchport mode access
!
!
interface nve1
no ip address
source-interface Loopback0
member vni 5000 mcast-group 230.1.1.1
!
router ospf 10
router-id 2.2.2.2
!
ip forward-protocol nd
ip pim rp-address 3.3.3.3 12 override
!
access-list 12 permit 230.1.1.1
!
control-plane
service-policy input system-cpp-policy
!

end

 

 

Switch left:

version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname switch-left
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision c9300-24t
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
ip routing
!
!
!
!
!
ip multicast-routing
no ip domain lookup
!
!
!
login on-success log
!

license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
redundancy
mode sso
!
!
!
!
!
transceiver type all
monitoring
!
vlan configuration 1000
member vni 5000
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description Inter FED, EWLC control, EWLC data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Fd
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip pim sparse-mode
ip ospf 10 area 0
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
ip pim sparse-mode
ip ospf 10 area 0
!
!
interface GigabitEthernet1/0/1
no switchport
ip address 10.10.10.1 255.255.255.252
ip pim sparse-mode
ip ospf 10 area 0
!
interface GigabitEthernet1/0/2
switchport access vlan 1000
switchport mode access
!
interface nve1
no ip address
source-interface Loopback0
member vni 5000 mcast-group 230.1.1.1
!
router ospf 10
router-id 1.1.1.1
!
ip forward-protocol nd
ip pim rp-address 3.3.3.3 12 override
!
access-list 12 permit 230.1.1.1
!
control-plane
service-policy input system-cpp-policy

!

end
 

 

My problem is: I cannot ping between the two hosts, and the status of the NVE interface is always down.

These are the show commands to view the VTEP status:

 

switch-left#show nve vni
Interface VNI Multicast-group VNI state Mode VLAN cfg vrf
nve1 5000 230.1.1.1 Down L2CP 1000 CLI N/A

 


switch-left#sho nve peers
Interface VNI Type Peer-IP RMAC/Num_RTs eVNI state flags UP time



switch-left#sho ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable, G - GenID Capable,
L - DR Load-balancing Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.10.10.2 GigabitEthernet1/0/1 1d02h/00:01:41 v2 1 / DR S P G

 

 

switch-left#sho nve interface nve 1
Interface: nve1, State: Admin Up, Oper Up, Encapsulation: Vxlan,
BGP host reachability: Disable, VxLAN dport: 4789
VNI number: L3CP 0 L2CP 1 L2DP 0
source-interface: Loopback0 (primary:1.1.1.1 vrf:0)

 

 

 

 

 


gbolivar
Cisco Employee
Hello,

Can you please share the following outputs.

sh ip mroute
show ip int br | ex una
show ip pim rp map

Since you are using Anycast RP, I recommend that you try using MSDP.

More info on MSDP can be found here:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-9/configuration_guide/ip_mcast_rtng/b_169_ip_mcast_rtng_9500_cg/configuring___msdp.html

Regards,

Gary Bolivar
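
Added example, not part of the thread and not Cisco code: a small Python check for the situation the reply above points at, where both posted configs put the static RP address 3.3.3.3 on their own Loopback1 (Anycast RP) and neither has an `ip msdp peer` statement. The config excerpts are constructed from the posted configs, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the posted running-configs (only the relevant lines).
TEMPLATE = """hostname {name}
interface Loopback0
 ip address {lo0} 255.255.255.255
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.255
!
ip pim rp-address 3.3.3.3 12 override
"""
SWITCH_LEFT = TEMPLATE.format(name="switch-left", lo0="1.1.1.1")
SWITCH_RIGHT = TEMPLATE.format(name="switch-right", lo0="2.2.2.2")

def parse(cfg):
    """Collect hostname, loopback addresses, static RPs and MSDP peers."""
    dev = {"hostname": None, "loopbacks": {}, "rps": set(), "msdp_peers": set()}
    intf = None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line == "!":
            intf = None  # end of an interface section
        elif m := re.match(r"hostname (\S+)", line):
            dev["hostname"] = m.group(1)
        elif m := re.match(r"interface (\S+)", line):
            intf = m.group(1)
        elif (m := re.match(r"ip address (\S+) ", line)) and intf and intf.startswith("Loopback"):
            dev["loopbacks"][intf] = m.group(1)
        elif m := re.match(r"ip pim rp-address (\S+)", line):
            dev["rps"].add(m.group(1))
        elif m := re.match(r"ip msdp peer (\S+)", line):
            dev["msdp_peers"].add(m.group(1))
    return dev

def anycast_rp_without_msdp(configs):
    """Return (hostname, rp) for each device that owns a shared RP address
    but has no MSDP peer pointing at a unique loopback of another owner."""
    devices = [parse(c) for c in configs]
    findings = []
    for rp in sorted(set().union(*(d["rps"] for d in devices))):
        owners = [d for d in devices if rp in d["loopbacks"].values()]
        if len(owners) < 2:
            continue  # one owner only: a plain static RP, not Anycast RP
        for d in owners:
            peers = {ip for o in owners if o is not d
                     for ip in o["loopbacks"].values() if ip != rp}
            if not d["msdp_peers"] & peers:
                findings.append((d["hostname"], rp))
    return findings
```

Calling `anycast_rp_without_msdp([SWITCH_LEFT, SWITCH_RIGHT])` flags both switches; a config set in which only one switch owns the RP address returns no findings.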

sw-right#sho ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group, c - PFP-SA cache created entry
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 230.1.1.1), 1d07h/00:01:50, RP 3.3.3.3, flags: SJCx
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Tunnel0, Forward/Sparse-Dense, 03:07:52/00:01:07

(*, 224.0.1.40), 1d07h/00:02:50, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Loopback0, Forward/Sparse, 1d07h/00:02:50

 

 

sw-right#show ip int br | ex una
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1/0/1 10.10.10.2 YES NVRAM up up
Loopback0 2.2.2.2 YES NVRAM up up
Loopback1 3.3.3.3 YES NVRAM up up
Tunnel0 2.2.2.2 YES unset up up
Tunnel1 3.3.3.3 YES unset up up
Tunnel2 3.3.3.3 YES unset up up


sw-right#sho ip pim rp map
PIM Group-to-RP Mappings

Acl: 12, Static-Override
RP: 3.3.3.3 (?)


sw-left#sho ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group, c - PFP-SA cache created entry
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 230.1.1.1), 1d07h/00:02:23, RP 3.3.3.3, flags: SJCx
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Tunnel0, Forward/Sparse-Dense, 1d07h/00:01:44

(*, 224.0.1.40), 1d07h/00:02:35, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Loopback0, Forward/Sparse, 1d07h/00:02:35


sw-left#sh ip int br | ex una
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1/0/1 10.10.10.1 YES NVRAM up up
Loopback0 1.1.1.1 YES NVRAM up up
Loopback1 3.3.3.3 YES NVRAM up up
Tunnel0 1.1.1.1 YES unset up up
Tunnel1 3.3.3.3 YES unset up up
Tunnel2 3.3.3.3 YES unset up up


sw-left#sho ip pim rp map
PIM Group-to-RP Mappings

Acl: 12, Static-Override
RP: 3.3.3.3 (?)

 

 

 

 

I also wondered why the NVE interface is in L2CP mode rather than L2DP!
Is it possible to change this?

I don't want to use BGP EVPN.

 

sw-left#sho nve vni

Interface VNI Multicast-group VNI state Mode VLAN cfg vrf
nve1 5000 230.1.1.1 Down L2CP 1000 CLI N/A

sw-right#sho nve vni
Interface VNI Multicast-group VNI state Mode VLAN cfg vrf
nve1 5000 230.1.1.1 Down L2CP 1000 CLI N/A

 

 

 

Does anyone have any idea?
A real headache :)

Now it's working. I have just changed the rp-address and made sw-left the RP for both.

Now I can ping from PC-1 to PC-2, and I can see the ICMP packet encapsulated in a VXLAN packet.

 

But I don't understand why the traffic counter on the NVE interface is null, and why there is no peering between the two VTEP gateways.

 

sw-left#sho nve peers
Interface VNI Type Peer-IP RMAC/Num_RTs eVNI state flags UP time
sw-left#

 

I am sharing my latest configuration file.

 

 

 
