Fabric Edge Node not reaching outside Fabric

techno.it · ‎11-23-2024

I just prepared a small setup with 2 separate borders with LISP Pub/Sub and Nexus Switch as Fusion. On Fusion switch I have a network 172.16.1.0/24 with SVI IP 172.16.1.1 on GRT.

Injected a route (172.16.1.0/24) from Fusion Global Routing table to Border nodes into GREEN VRF. Route is received on Border1 in GREEN VRF. Route is registered in LISP on BN/control plane nodes. From the Border I can ping 172.16.1.1 using source anycast gateway (Loopback1023) within GREEN VRF ( ping vrf GREEN 172.16.1.1 sour Lo1023)

But I cannot ping from Edge Node using the same source anycast gateway ( SVI 172.16.1.1). Appreciate any advise.

This is just a test lab for now to understand more on packet flow and routing.

andy!doesnt!like!uucp · ‎11-23-2024

is NX-OS switches vPC'ed? if so u seems hitting the same rakes u've been advised to avoid

techno.it · ‎11-23-2024

Thanks @andy!doesnt!like!uucp

I guess figured it out. I think it is normal edge to not ping any external destination using an overlay interface/anycast gateway.

Anycast gateway on edge is the loopback IP on the Border so kind of duplication.

I am not sure too deep technically on this but if you can shed some light.

andy!doesnt!like!uucp · ‎11-23-2024

whatever the reason. be advised to stop using vPC as IP-peering entity unless u made pure L3-setup over it.

techno.it · ‎11-23-2024

Sure thank you @andy!doesnt!like!uucp

vPC will be still L2 transit only between Border and Fusion Firewalls

andy!doesnt!like!uucp · ‎11-23-2024

with NX-OS vPC rule is simple, use it for L3-peering with pure L3-precautions.

andy!doesnt!like!uucp · ‎11-23-2024

f u want to ping EN's VRFs from out of the fabric set unique Los per edge node per VRF