Solved: Cisco Nexus N9K Loopback Testing

vondoom2 · ‎10-06-2022

I've been trying to establish a configuration for performing loopback testing and this is the closest I have gotten. Previously I was getting the message "Destination Host Unreachable" so I've made progress, but it's still not quite right. Can anyone see where I may have left something out that would allow these two interfaces to successfully communicate?

Switch# conf t
Switch(config)# vrf context TestA
Switch(config-vrf)# exit
Switch(config)# vrf context TestB
Switch(config-vrf)# exit
Switch(config)# int loopback 0
Switch(config-if)# vrf member TestA
Warning: Deleted all L3 config on interface loopback0
Switch(config-if)# ip address 10.10.10.1/24
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# interface loopback 1
Switch(config-if)# vrf member TestB
Warning: Deleted all L3 config on interface loopback1
Switch(config-if)# ip address 10.10.10.2/24
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch(config)# int e1/13
Switch(config-if)# vrf member TestA
Warning: Deleted all L3 config on interface Ethernet1/13
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# int e1/15
Switch(config-if)# vrf member TestB
Warning: Deleted all L3 config on interface Ethernet1/15
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch# ping 10.10.10.2 source-interface loopback 0
PING 10.10.10.2 (10.10.10.2): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 10.10.10.2 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss

Christopher Hart · ‎10-07-2022

Hello!

There are a few different ways to perform loopback testing, depending on what you're trying to do. Based upon your configuration, when you say "loopback testing", I'm assuming you mean a scenario where you are looping back cables between two different physical interfaces of the same switch (for example, Ethernet1/1 connects to Ethernet1/2). You are then assigning a unique VRF to each physical interface, then placing both physical interfaces in the same broadcast domain/subnet (for example, Ethernet1/1 in VRF Blue is assigned 192.0.2.1/24 and Ethernet1/2 in VRF Red is assigned 192.0.2.2/24). You are then pinging between the two interfaces (e.g. ping 192.0.2.2 vrf Blue and/or ping 192.0.2.1 vrf Red) to validate that the ports operate as expected.

If the above accurately describes the "loopback testing" you are performing, then on modern Nexus 9000 series switches, you will most likely need to configure a unique, non-default static MAC address on at least one of the two physical interfaces. On modern Nexus 9000 series switches, this is needed so that the switch does not send a packet with the same source and destination MAC address, both of which are assigned to the switch as BIA (Burned-In Addresses). To simplify a lot of complex technical details, the ASIC "doesn't like" receiving packets where the source and destination addresses are both BIA and tends to drop those packets. You can work around this by statically assigning a non-BIA MAC address (e.g. 0000.0000.aaaa) to one of the two physical interfaces, which should allow the ping to start working.

Just so that you're aware, if the intent of this test is to validate that all ports of a Nexus 9000 switch function as expected prior to deploying it into production, I've seen this type of testing called "snake testing", and there are other ways to perform it that may suit your needs. Check out this blog post, which does an excellent job of explaining how to perform this type of testing.

I hope this helps - thank you!

-Christopher

View solution in original post

MHM Cisco World · ‎10-06-2022

this is inter-VRF connection
you need VRF leak to run and success this test.

vondoom2 · ‎10-06-2022

Thank you for the response. Would yo be able to provide an example I might be able to go off of how that works? Thank you.

Christopher Hart · ‎10-07-2022

Hello!

There are a few different ways to perform loopback testing, depending on what you're trying to do. Based upon your configuration, when you say "loopback testing", I'm assuming you mean a scenario where you are looping back cables between two different physical interfaces of the same switch (for example, Ethernet1/1 connects to Ethernet1/2). You are then assigning a unique VRF to each physical interface, then placing both physical interfaces in the same broadcast domain/subnet (for example, Ethernet1/1 in VRF Blue is assigned 192.0.2.1/24 and Ethernet1/2 in VRF Red is assigned 192.0.2.2/24). You are then pinging between the two interfaces (e.g. ping 192.0.2.2 vrf Blue and/or ping 192.0.2.1 vrf Red) to validate that the ports operate as expected.

If the above accurately describes the "loopback testing" you are performing, then on modern Nexus 9000 series switches, you will most likely need to configure a unique, non-default static MAC address on at least one of the two physical interfaces. On modern Nexus 9000 series switches, this is needed so that the switch does not send a packet with the same source and destination MAC address, both of which are assigned to the switch as BIA (Burned-In Addresses). To simplify a lot of complex technical details, the ASIC "doesn't like" receiving packets where the source and destination addresses are both BIA and tends to drop those packets. You can work around this by statically assigning a non-BIA MAC address (e.g. 0000.0000.aaaa) to one of the two physical interfaces, which should allow the ping to start working.

Just so that you're aware, if the intent of this test is to validate that all ports of a Nexus 9000 switch function as expected prior to deploying it into production, I've seen this type of testing called "snake testing", and there are other ways to perform it that may suit your needs. Check out this blog post, which does an excellent job of explaining how to perform this type of testing.

I hope this helps - thank you!

-Christopher

vondoom2 · ‎10-10-2022

Yes, the above statement is correct because I have a Nexus 9000 switch inside an enclosure and I'm connecting loopback cables to ensure that the cables are functional and not crossed/miswired. I tried to use a non-BIA MAC address as mentioned in the response and the result was still no ping. Unless there is a featured that I had not enabled that should be enabled.

vondoom2 · ‎10-10-2022

When I did a search the VRF Leaking seemed to be the closest thing to allowing me to be able to ping from one port to another. Most VRF Leaking commands I see are for a router and not necessarily a Nexus 9000 switch, which has not proven too helpful for me.

vondoom2 · ‎10-10-2022

Update to my previous two posts. Finally I was able to achieve a loopback ping between the two interfaces in my example. What you stated previously was correct, but was only half of my issue. My other issue was that "feature eigrp" was not enabled on the switch. Once I enabled that and a slight change to the config to the interfaces, I did indeed have to change the MAC Address to one of the interfaces in order for my ping command to work. Thank you for the assistance.