Help implementing vxlan on 1000v ver 4.2.1.SV2.2.1a on Esxi5.5

fedcre
Level 1

Hi all,

I'm implementing VXLAN on the new version of the 1000v (4.2.1.SV2.2.1a) on ESXi 5.5 and vSphere 5.5. I am trying this in my lab.

I'm encountering some problems with the multicast implementation of VXLAN, in L2 mode between VSM and VEM, and on an L2 domain.

I see the multicast correctly encapsulated by the VTEP VEM. The bridge groups are OK, with the right Veths. But I have some problems with IGMP (no reports are received from the ESXi hosts).

The VTEP interfaces receive the queries from the uplink switch:

cisco1000v_lab_l2(vem-attach)# vemcmd show vxlan interfaces
LTL     VSM Port      IP       Seconds since Last   Vem Port
                               IGMP Query Received
(* = IGMP Join Interface/Designated VTEP)
-----------------------------------------------------------
49        Veth1  172.28.19.98        27             vmk1         *

vem 4

cisco1000v_lab_l2(vem-attach)# vemcmd show vxlan interfaces
LTL     VSM Port      IP       Seconds since Last   Vem Port
                               IGMP Query Received
(* = IGMP Join Interface/Designated VTEP)
-----------------------------------------------------------
49        Veth2  172.28.19.99        10             vmk1

ONLY multicast is encapsulated, and no unicast or ARP from the remote IP:

cisco1000v_lab_l2(vem-attach)# vemcmd show l2 bd-name vxw-dvs-217-virtualwire-6-sid-5003-dvs.VCDVSDataCenter-dmz-01-d53ae0b8-7d68-4b24
Bridge domain   12 brtmax 4096, brtcnt 1, timeout 300
Segment ID 5003, swbd 4096, "vxw-dvs-217-virtualwire-6-sid-5003-dvs.VCDVSDataCenter-dmz-01-d53ae0b8-7d68-4b24"
Flags:  P - PVLAN  S - Secure  D - Drop
       Type         MAC Address   LTL   timeout   Flags    PVLAN    Remote IP    DSN
     Static   00:50:56:a0:3d:d9    54         0                      0.0.0.0   0
cisco1000v_lab_l2(vem-attach)# exit
cisco1000v_lab_l2# attach vem 4
cisco1000v_lab_l2(vem-attach)# vemcmd show l2 bd-name vxw-dvs-217-virtualwire-6-sid-5003-dvs.VCDVSDataCenter-dmz-01-d53ae0b8-7d68-4b24
Bridge domain   12 brtmax 4096, brtcnt 1, timeout 300
Segment ID 5003, swbd 4096, "vxw-dvs-217-virtualwire-6-sid-5003-dvs.VCDVSDataCenter-dmz-01-d53ae0b8-7d68-4b24"
Flags:  P - PVLAN  S - Secure  D - Drop
       Type         MAC Address   LTL   timeout   Flags    PVLAN    Remote IP    DSN
     Static   00:50:56:01:00:0e    51         0                      0.0.0.0   0

cisco1000v_lab_l2(vem-attach)# vemcmd show vxlan-stats
  LTL  Ucast   Mcast/Repl   Ucast   Mcast    Total
       Encaps  Encaps       Decaps  Decaps   Drops
   49       0          707       0       0       0
   52       0           91       0       0       0
   54       0           19       0       0       0

cisco1000v_lab_l2(vem-attach)# vemcmd show vxlan-stats
  LTL  Ucast   Mcast/Repl   Ucast   Mcast    Total
       Encaps  Encaps       Decaps  Decaps   Drops
   49       0          640       0       0       0
   51       0          566       0       0       0

I tried to sniff the multicast leaving/entering the VEM, and I see only the queries from my upstream switch to the 224.0.0.1 all-hosts group.

But no one answers the queries with a report message...

With the vempkt command I capture on ingress only the query message entering LTL 561 (port-channel uplink for the VXLAN in VLAN 400):

------SF Packet Information------
           Capture Stage   : Ingress
              Source LTL   : 20 (561)
         Destination LTL   : 0
                    HWBD   : 10
              Vlan/SegID   : 400
------Packet L3 Header Information------
        Source IP Address   : 172.28.19.97
   Destination IP Address   : 224.0.0.1
        IP Protocol Type:     2
------Packet L2 Header Information------
      Source MAC Address   : 00:26:51:0f:1c:00
Destination MAC Address   : 01:00:5e:00:00:01
                  Type    : 2048
Payload :
    00000: 01 00 5e 00 00 01 00 26 51 0f 1c 00 08 00 46 c0
    00016: 00 20 c4 e6 00 00 01 02 bf b2 ac 1c 13 61 e0 00
    00032: 00 01 94 04 00 00 11 64 ee 9b 00 00 00 00 00 00
    00048: 00 00 00 00 00 00 00 00 00 00 00 00

NO report is received from Veth1, corresponding to the vmk1 with VXLAN capability...

Even with the egress capture, I see only the query from the upstream switch towards Veth1 (vmk1), but no answer from vmk1...

Can someone help me? Is there some incompatibility between the IGMP queries sent from the uplink switch 2960 (c2960-lanlitek9-mz.122-58.SE2) and ESXi version 5.5? The configuration of the 2960 is:

ip igmp snooping querier address 172.28.19.97

ip igmp snooping querier

I need to upgrade to the new version of the 1000v, but I must solve this problem first...

Thanks in advance

Federica
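
Decoding the payload bytes from the vempkt capture above shows exactly what the querier put on the wire (an IGMPv2 general query with valid checksums), which helps separate a malformed-query problem from host-side filtering. This is an added example, not part of the original thread; the function names `decode_igmp_frame` and `inet_checksum_ok` are illustrative.

```python
import socket
import struct

# Payload bytes copied verbatim from the vempkt capture in the post above.
FRAME = bytes.fromhex("".join("""
01 00 5e 00 00 01 00 26 51 0f 1c 00 08 00 46 c0
00 20 c4 e6 00 00 01 02 bf b2 ac 1c 13 61 e0 00
00 01 94 04 00 00 11 64 ee 9b 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
""".split()))

IGMP_TYPES = {0x11: "membership query", 0x12: "v1 report",
              0x16: "v2 report", 0x17: "leave group", 0x22: "v3 report"}

def inet_checksum_ok(data: bytes) -> bool:
    """RFC 1071: the one's-complement sum over a valid header is 0xffff."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_igmp_frame(frame: bytes) -> dict:
    """Decode an untagged Ethernet II frame carrying IPv4/IGMP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    if ihl < 20 or frame[23] != 2 or total_len < ihl + 8 or len(frame) < 14 + total_len:
        raise ValueError("not a well-formed IGMP packet")
    ip_hdr = frame[14:14 + ihl]
    igmp = frame[14 + ihl:14 + total_len]  # IP total length trims Ethernet padding
    msg_type, max_resp = igmp[0], igmp[1]
    return {
        "src": socket.inet_ntoa(ip_hdr[12:16]),
        "dst": socket.inet_ntoa(ip_hdr[16:20]),
        "ttl": ip_hdr[8],
        "router_alert": ip_hdr[20:24] == b"\x94\x04\x00\x00",
        "type": IGMP_TYPES.get(msg_type, hex(msg_type)),
        "max_resp_s": max_resp / 10,           # IGMPv2 unit is 1/10 s
        "group": socket.inet_ntoa(igmp[4:8]),  # 0.0.0.0 means general query
        "ip_checksum_ok": inet_checksum_ok(ip_hdr),
        "igmp_checksum_ok": inet_checksum_ok(igmp),
    }

if __name__ == "__main__":
    for key, value in decode_igmp_frame(FRAME).items():
        print(f"{key:>16}: {value}")
```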

Accepted Solutions

srisrika
Level 1

Hello Federica,

Could you please check the firewall option to see whether IGMP traffic is allowed? This can be verified using the command:

localcli --plugin-dir /usr/lib/vmware/esxcli/int networkinternal firewall get

If it is disabled, could you please set the firewall option to allow IGMP, using the command below:

localcli --plugin-dir /usr/lib/vmware/esxcli/int networkinternal firewall set --pass-igmp true

Please let me know if this fixes the issue.

Thanks,

Srikanth

Hello Srikanth,

Thanks for your precious help!

~ # localcli --plugin-dir /usr/lib/vmware/esxcli/int networkinternal firewall get
Firewall:
   ERSPAN Traffic Allowed: true
   IGMP Traffic Allowed: false
~ #

IGMP traffic was filtered on ESXi...

Now it is working ...

Thanks a lot.

Federica
