Posted on December 21, 2020 4:39 am
 |  Asked by Martin
 |  52 views
Tags:
« Back to Previous Page
0
0
Print Friendly, PDF & Email

Hello,
For some reason I am not to able to ping via VRF the virtual router IP address [10.44.44.1] of leaf 7 from leaf 3[10.42.42.1].
Based on the capture, there are no ICMP packets send out at the egress interface of leaf3.

VTEP2 [leaf3 and 4]
VTEP4 [leaf7 and 8]
vEOS-lab-4.19.10M.vmdk

Please see extract below. I also attached the running config.

Thanks,

Martin

leaf3#sh vrf
Maximum number of vrfs allowed: 14
Vrf RD Protocols State Interfaces
——— —————— ————– —————— —————-
gold 10.0.250.13:1 ipv4,ipv6 v4:routing, Vlan1008, Vlan42
v6:no routing

mgmt ipv4,ipv6 v4:routing, Management1
v6:no routing

leaf3#sh ip virtual-router vrf gold
IP virtual router is configured with MAC address: c002.cafe.babe
MAC address advertisement interval: 30 seconds

Protocol: U – Up, D – Down, T – Testing, UN – Unknown
NP – Not Present, LLD – Lower Layer Down

Interface Vrf Virtual IP Address Protocol State
————— ———- ———————— ————– ——
Vl42 gold 10.42.42.1 U active

leaf3#sh ip route vrf gold

VRF name: gold
Codes: C – connected, S – static, K – kernel,
O – OSPF, IA – OSPF inter area, E1 – OSPF external type 1,
E2 – OSPF external type 2, N1 – OSPF NSSA external type 1,
N2 – OSPF NSSA external type2, B I – iBGP, B E – eBGP,
R – RIP, I L1 – ISIS level 1, I L2 – ISIS level 2,
O3 – OSPFv3, A B – BGP Aggregate, A O – OSPF Summary,
NG – Nexthop Group Static Route, V – VXLAN Control Service

Gateway of last resort is not set

C 10.42.42.0/24 is directly connected, Vlan42
B E 10.44.44.0/24 [1/0] via VTEP 10.0.255.14 VNI 100001 router-mac 0c:71:41:75:1f:d0

————————————————-

leaf4#sh vrf
Maximum number of vrfs allowed: 14
Vrf RD Protocols State Interfaces
——— —————— ————– —————— —————-
gold 10.0.250.13:1 ipv4,ipv6 v4:routing, Vlan1008, Vlan42
v6:no routing

mgmt ipv4,ipv6 v4:routing, Management1
v6:no routing

leaf4#sh ip virtual-router vrf
% Incomplete command
leaf4#sh ip virtual-router vrf gold
IP virtual router is configured with MAC address: c002.cafe.babe
MAC address advertisement interval: 30 seconds

Protocol: U – Up, D – Down, T – Testing, UN – Unknown
NP – Not Present, LLD – Lower Layer Down

Interface Vrf Virtual IP Address Protocol State
————— ———- ———————— ————– ——
Vl42 gold 10.42.42.1 U active

leaf4#sh ip route vrf gold

VRF name: gold
Codes: C – connected, S – static, K – kernel,
O – OSPF, IA – OSPF inter area, E1 – OSPF external type 1,
E2 – OSPF external type 2, N1 – OSPF NSSA external type 1,
N2 – OSPF NSSA external type2, B I – iBGP, B E – eBGP,
R – RIP, I L1 – ISIS level 1, I L2 – ISIS level 2,
O3 – OSPFv3, A B – BGP Aggregate, A O – OSPF Summary,
NG – Nexthop Group Static Route, V – VXLAN Control Service

Gateway of last resort is not set

C 10.42.42.0/24 is directly connected, Vlan42
B E 10.44.44.0/24 [1/0] via VTEP 10.0.255.14 VNI 100001 router-mac 0c:71:41:75:1f:d0

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

leaf7#sh vrf
Maximum number of vrfs allowed: 14
Vrf RD Protocols State Interfaces
——— —————— ————– —————— —————-
gold 10.0.250.17:1 ipv4,ipv6 v4:routing, Vlan1008, Vlan44
v6:no routing

mgmt ipv4,ipv6 v4:routing, Management1
v6:no routing

leaf7#sh ip virtual-router vrf gold
IP virtual router is configured with MAC address: c004.cafe.babe
MAC address advertisement interval: 30 seconds

Protocol: U – Up, D – Down, T – Testing, UN – Unknown
NP – Not Present, LLD – Lower Layer Down

Interface Vrf Virtual IP Address Protocol State
————— ———- ———————— ————– ——
Vl44 gold 10.44.44.1 U active

leaf7#sh ip route vrf gold

VRF name: gold
Codes: C – connected, S – static, K – kernel,
O – OSPF, IA – OSPF inter area, E1 – OSPF external type 1,
E2 – OSPF external type 2, N1 – OSPF NSSA external type 1,
N2 – OSPF NSSA external type2, B I – iBGP, B E – eBGP,
R – RIP, I L1 – ISIS level 1, I L2 – ISIS level 2,
O3 – OSPFv3, A B – BGP Aggregate, A O – OSPF Summary,
NG – Nexthop Group Static Route, V – VXLAN Control Service

Gateway of last resort is not set

B E 10.42.42.0/24 [1/0] via VTEP 10.0.255.12 VNI 100001 router-mac 0c:71:41:76:d6:2b
C 10.44.44.0/24 is directly connected, Vlan44

————————————————————————————–

leaf8#sh vrf
Maximum number of vrfs allowed: 14
Vrf RD Protocols State Interfaces
——— —————— ————– —————— —————-
gold 10.0.250.17:1 ipv4,ipv6 v4:routing, Vlan1008, Vlan44
v6:no routing

mgmt ipv4,ipv6 v4:routing, Management1
v6:no routing

leaf8#sh ip virtual-router vrf gold
IP virtual router is configured with MAC address: c004.cafe.babe
MAC address advertisement interval: 30 seconds

Protocol: U – Up, D – Down, T – Testing, UN – Unknown
NP – Not Present, LLD – Lower Layer Down

Interface Vrf Virtual IP Address Protocol State
————— ———- ———————— ————– ——
Vl44 gold 10.44.44.1 U active

leaf8#sh ip route vrf gold

VRF name: gold
Codes: C – connected, S – static, K – kernel,
O – OSPF, IA – OSPF inter area, E1 – OSPF external type 1,
E2 – OSPF external type 2, N1 – OSPF NSSA external type 1,
N2 – OSPF NSSA external type2, B I – iBGP, B E – eBGP,
R – RIP, I L1 – ISIS level 1, I L2 – ISIS level 2,
O3 – OSPFv3, A B – BGP Aggregate, A O – OSPF Summary,
NG – Nexthop Group Static Route, V – VXLAN Control Service

Gateway of last resort is not set

B E 10.42.42.0/24 [1/0] via VTEP 10.0.255.12 VNI 100001 router-mac 0c:71:41:76:d6:2b
C 10.44.44.0/24 is directly connected, Vlan44

| Tagged:
Attachments:
0
Posted by Leonid Ermilov
Answered on December 21, 2020 6:23 am

Hi Martin,

Can't find exact root cause from your outputs, but here are the recommendations for your setup:

  • your EOS version is really old. I would highly recommend to install latest M 4.23 or 4.24 EOS realease;
  • Even if vlan42 is local to your MLAG pair, make sure to add VLAN-VNI binding for it under Vxlan1 interface. Otherwise, there could be issues with ARP sync between MLAG pairs (it is relevant only to EVPN-VLAN MLAG pairs in 4.22+ EOS);
  • For some reason your "sh ip ro vrf gold" output shows only one Type5 route. I would expect to see ECMP EVPN Type5 since you have MLAG pair on both sides. Btw, in the recent releases (from 4.22 I think) EOS supports shared MLAG RMAC. With that command, you will see single remote Type5 route in "sh ip ro vrf <>" output, since EVPN RMAC will be same for MLAG pair.

So, general recommendation is upgrade veos and verify your Leaf config against "EVPN deployment guide" (https://www.arista.com/en/solutions/design-guides).

 

 
0
Posted by Aniket Bhowmick
Answered on December 21, 2020 8:03 am

Hi Martin,

Thank you for posting your question. Some observations:

  • We see that you are using "ip virtual-router address"  (also known as "VARP") command under SVI 42/SVI44 which is used for EVPN Type-5
  • We didn't officially support VARP in EVPN before 4.23.2F though the command is available to configure. It was never tested and we may see some unpredictable behaviours.
  • Here is the TOI since when VARP with EVPN is supported- https://eos.arista.com/eos-4-23-2f/evpn-centralized-anycast-gateway/
  • Since your vEOS is running on 4.19.10M, we suggest you to refrain from using VARP and rather use "ip address virtual" command instead in the SVIs of each leaf.
  • Another point- if you are using "ip address virtual" in a VRF, make sure there is at least one or more SVI (not loopback) which is configured with a "Physical IP" (ip address <>) in that vrf. If only a Virtual IP (ip address virtual) is present in the vrf, the vrf will not be active, a Physical IP (on a SVI) is required.
  • Also, we generally don't suggest pinging from VTEP to VTEP. After you configure the "ip address virtual", ping from Leaf3 to Leaf7 may still fail (due to Source IP NAT which is expected). But end to end will definitely work. So it is always good to connect some hosts behind Leaf3 and Leaf7 and do the ping between the hosts.
  • If you insist to use VARP in this setup, we would recommend you to upgrade to 4.23.2F or above and see if it works.

Let us know if you have any further query.

Regards,

Aniket

 
« Back to Previous Page

Post your Answer

You must be logged in to post an answer.