Fabric Edge Node not reaching outside Fabric

techno.it · ‎11-23-2024

I just prepared a small setup with 2 separate borders with LISP Pub/Sub and Nexus Switch as Fusion. On Fusion switch I have a network 172.16.1.0/24 with SVI IP 172.16.1.1 on GRT.

Injected a route (172.16.1.0/24) from Fusion Global Routing table to Border nodes into GREEN VRF. Route is received on Border1 in GREEN VRF. Route is registered in LISP on BN/control plane nodes. From the Border I can ping 172.16.1.1 using source anycast gateway (Loopback1023) within GREEN VRF ( ping vrf GREEN 172.16.1.1 sour Lo1023)

But I cannot ping from Edge Node using the same source anycast gateway ( SVI 172.16.1.1). Appreciate any advise.

This is just a test lab for now to understand more on packet flow and routing.

Andrii Oliinyk · ‎11-23-2024

is NX-OS switches vPC'ed? if so u seems hitting the same rakes u've been advised to avoid

techno.it · ‎11-23-2024

Thanks @Andrii Oliinyk

I guess figured it out. I think it is normal edge to not ping any external destination using an overlay interface/anycast gateway.

Anycast gateway on edge is the loopback IP on the Border so kind of duplication.

I am not sure too deep technically on this but if you can shed some light.

Andrii Oliinyk · ‎11-23-2024

whatever the reason. be advised to stop using vPC as IP-peering entity unless u made pure L3-setup over it.

techno.it · ‎11-23-2024

Sure thank you @Andrii Oliinyk

vPC will be still L2 transit only between Border and Fusion Firewalls

Andrii Oliinyk · ‎11-23-2024

with NX-OS vPC rule is simple, use it for L3-peering with pure L3-precautions.

Andrii Oliinyk · ‎11-23-2024

f u want to ping EN's VRFs from out of the fabric set unique Los per edge node per VRF

aans307 · ‎02-12-2025

Have you manage to figure it out, I am stuck under same issue.

Andrii Oliinyk · ‎02-12-2025

what is your problem exactly?
do u use vPC as single point of peering with borders?
or you cannot ping from ENs destinations outside the EN with AcGW as source?