Posted on August 27, 2014 3:17 pm
 |  Asked by kenny marlow
 |  14320 views
RESOLVED
0
0
Print Friendly, PDF & Email

I am having an issue with setting up a vxlan configuration. Is there something I am missing in the below setup – I am trying to get a CPE connection across a physical network with vxlan?  I can ping into switch 1 (custA switch) from the CPE, but I have nothing saying vxlan is working between the two switches. I have followed the config guide but I cannot get any vxlan address table entries to show vlan to vxlan mapping is working.

device-1 – CPE device with layer-2 vlan 100 with ip address 20.20.20.2/24>

switch-1 config:

vlan 100
!
interface Ethernet1
description dc1-fw1-linknet
switchport mode trunk
!
interface Ethernet2
no switchport
!
interface Ethernet3
description linknet-gw-switch
no switchport
ip address 85.10.10.0/31
!
interface Loopback15
ip address 10.10.10.1/24
!
interface Management1
ip address 192.168.1.202/24
!
interface Vlan100
ip address 20.20.20.3/24
ip virtual-router address 20.20.20.1
!
interface Vxlan1
vxlan multicast-group 225.1.1.1
vxlan source-interface Loopback15
vxlan udp-port 4789
vxlan vlan 100 vni 10000
!
ip virtual-router mac-address 00:00:00:00:00:48
!
ip routing
!
route-map vxlanvlan permit 10
match interface Loopback15
!
route-map vxlanvlan permit 20
match interface Vlan100
!
router ospf 1
router-id 100.100.100.2
redistribute connected route-map vxlanvlan
network 85.10.10.0/31 area 0.0.0.51
max-lsa 12000
maximum-paths 16
!
!
end

switch-2 config:

vlan 100
!
interface Ethernet1
!
interface Ethernet2
description linknet-custA-switch
no switchport
ip address 85.10.10.1/31
!
interface Ethernet3
!
interface Ethernet4
!
interface Loopback15
ip address 10.10.10.2/24
!
interface Management1
ip address 192.168.1.203/24
!
interface Vlan100
ip address 20.20.20.4/24
ip virtual-router address 20.20.20.5
!
interface Vxlan1
vxlan multicast-group 225.1.1.1
vxlan source-interface Loopback15
vxlan udp-port 4789
vxlan vlan 100 vni 10000
!
ip virtual-router mac-address 00:00:00:00:00:49
!
ip routing
!
route-map vxlanvlan permit 10
match interface Loopback15
!
route-map vxlanvlan permit 20
match interface Vlan100
!
router ospf 1
router-id 100.100.100.1
redistribute connected route-map vxlanvlan
network 85.10.10.0/31 area 0.0.0.51
max-lsa 12000
maximum-paths 16
!
!
end
0
Posted by Alex
Answered on August 27, 2014 3:51 pm

Hi Kenny, what EOS version and platform are you running the VXLAN configuration on?

The VXLAN routing functionality which is configured on VLAN 100 is not supported with a VXLAN multicast control plane, you need to use the VXLAN flood-list function with VXLAN routing. The configuration would therefore be:

Switch 1:

!
interface Vxlan1
vxlan multicast-group 225.1.1.1 --> This line is removed
vxlan vlan 100 flood vtep 10.10.10.2 --> This line is added and lists the Remote VTEPs within this VNI for sending BUM traffic
vxlan source-interface Loopback15
vxlan udp-port 4789
vxlan vlan 100 vni 10000
!

Switch 2:
!
interface Vxlan1
vxlan multicast-group 225.1.1.1 --> This line is removed
vxlan vlan 100 flood vtep 10.10.10.1 --> This line is added and lists the Remote VTEPs within this VNI for sending BUM traffic
vxlan source-interface Loopback15 vxlan udp-port 4789
vxlan vlan 100 vni 10000
!

If  you want to support  VARP with the VXLAN routing, you need to add a ”VARP VTEP” address to the loopback interface on  both switches. The same IP address is configured on both switches, this is to ensure the VARP MAC is always learnt behind the same VTEP IP address regardless of which switch responds to the ARP for the VARP.

Switch 1:

!

interface Loopback15
ip address 10.10.10.1/24
ip address 11.11.11.2/32 secondary --> This will be the VTEP which the VARP MAC will be learnt behind
!

Switch 2: 

!

interface Loopback15
ip address 10.10.10.2/24
ip address 11.11.11.2/32 secondary --> This will be the VTEP which the VARP MAC will be learnt behind
!

 

Alex

0
Posted by kenny marlow
Answered on August 29, 2014 10:47 am

hi Alex

thanks for looking at this. I tried the configuration you stated but still getting nothing. I am running this as a virtual test. I am looking at NFV and virtual CPE connectivity. The CPE is a firewall residing in ESXi / vsphere 5.5, with a dswitch connection into the VEOS switch. The  switch is external to the virtual CPE host, so i was thinking it would possibly be okay. I will probably need to try it on physical hardware from the vCPE host.

Post your Answer

You must be logged in to post an answer.